Juniper MEDIA FLOW CONTROLLER 2.0.4 - ADMINISTRATOR S GUIDE AND CLI Administrator's Manual page 326

Media Flow Controller CLI Commands
•
comment <string>
•
dest-addr <IPv4 prefix><IPv4 netmask>
range.
•
dest-port <port_or_port_range>
•
dup-delete
are duplicates of it. By default, there is no duplicate detection, and creation of duplicates
is freely permitted.
•
in-intf <interface_name>
•
not-dest-addr <IPv4 prefix><IPv4 netmask>
address range.
•
not-dest-port <port_or_port_range>
port range.
•
not-in-intf <interface_name>
•
not-out-intf <interface_name>
•
not-protocol <protocol>
description, for details.
•
not-source-addr
address range
•
not-source-port <port_or_port_range>
port range.
•
out-intf <interface_name>
•
protocol <protocol>
icmp, and all. Not specifying a protocol is the same as specifying protocol all.
Specifying not-protocol all will not match anything. If tcp or udp are selected for the
protocol, you may specify source and destination ports as well (if icmp is selected, these
options are either ignored, or produce an error.) The source or destination port may each
be either a single number, or a range specified as <low>-<high>; for example, 10-20
would specify ports 10 through 20, inclusive. Only one port or port range may be
specified per type; that is, one for source, and one for destination.
•
source-addr
range.
•
source-port <port_or_port_range>
•
state
classification of the packet relative to existing connections. If there are more than one
state, they should be separated by commas; for example, ESTABLISHED,RELATED. A
packet can be in one of three states:
•
ESTABLISHED
both directions.
•
RELATED
connection.
•
NEW
326 ip filter chain rule arguments
—Specify a comment for the specified rule.
—After adding or modifying the rule, delete all other pre-existing rules that
<IPv4 prefix><IPv4 netmask>
—Match a specific protocol. The available protocols are tcp, udp,
<IPv4 prefix><IPv4 netmask>
—Match packets in a particular state. The state criteria has to do with the
—It is associated with an existing connection which has seen traffic in
—It opens a new connection, but one which is related to an established
—It opens a new, unrelated connection.
Media Flow Controller Administrator's Guide
—Match a specific destination address
—Match a specific destination port or port range.
—Match a specific (single) inbound interface.
—Do not match a specific destination port or
—Do not match a specific inbound interface.
—Do not match a specific outbound interface.
—Do not match a specific protocol. See protocol target
—Do not match a specific source port or
—Match a specific (single) outbound interface.
—Match a specific source address
—Match a specific source port or port range.
—Do not match a specific destination
—Do not match a specific source
Copyright © 2010, Juniper Networks, Inc.