Command Syntax
{deny | permit} tcp
} [
ip-address
operator port
any
host ip-address
mask
|
|
established
count
[
] [
{deny | permit} udp
ip-address
} [
operator port
any
host ip-address
|
|
mask
log
|
]
Figure 39-14
filters were assigned sequence numbers based on the order in which they were configured (for example,
the first filter was given the lowest sequence number). The
mode displays the two filters with the sequence numbers 5 and 10.
|
Security
814
any
host
{
source mask
|
|
[
]] {
port
destination
} [
operator port
[
byte
log
[
] |
]
any
host
{
|
|
source mask
[
port
]] {
destination
} [
[
operator port
illustrates a Trace list in which the sequence numbers were assigned by the software. The
Command Mode
TRACE LIST
port
]]
TRACE LIST
]]
port
show config
Purpose
Configure a deny or permit filter to
examine TCP packets. Configure the
following required and optional
parameters:
•
source: An IP address as the source
IP address for the filter to match.
mask: a network mask
•
any: to match any IP source address
•
host ip-address: to match IP
•
addresses in a host.
destination: An IP address as the
•
source IP address for the filter to
match.
precedence precedence range: 0 to
•
7.
tos tos-value range: 0 to 15
•
count: count packets processed by the
•
filter.
byte: count bytes processed by the
•
filter.
log: is supported.
•
Configure a deny or permit filter to
examine UDP packets. Configure the
following required and optional
parameters:
source: An IP address as the source
•
IP address for the filter to match.
•
mask: a network mask
any: to match any IP source address
•
host ip-address: to match IP
•
addresses in a host.
destination: An IP address as the
•
source IP address for the filter to
match.
precedence precedence range: 0 to
•
7.
tos tos-value range: 0 to 15
•
count: count packets processed by the
•
filter.
byte: count bytes processed by the
•
filter.
log: is supported.
•
command in the TRACE LIST