Table of Contents
Advertisement
--icmp-type ping
The type can be preceded by ! to match any message except the type listed, for example:
--icmp-type ! 1
Specifying TCP or UDP ports
If the protocol is TCP or UDP, the -s ( or --sport) and -d (or --dport) options specify the
TCP or UDP ports to match.
A range of ports can be specified by giving the first and last ports separated by a :, as in --
dport 0:1023. It is also possible to precede the port specification with a ! to match all ports
which are not included in the range, for example, --sport ! 0:1023. However, the range of
ports must be a power of two, starting with a port number which is a multiple of the range.
Specifying TCP flags
If the protocol is TCP, a match on particular TCP flags is specified by listing the flag names; for
example, -p tcp --syn.
Specifying an Interface
The -i (or --in-interface) and -o (or --out-interface) options specify the name of an
interface to match. An interface is the physical device the packet came in on (-i) or is going out
on (-o). You can use the ifconfig command to list the `up' interfaces (that is, working at the
moment).
As a special case, an interface name ending with a + will match all interfaces, whether they
currently exist or not, which begin with that string. For example, to specify a rule which matches
all zhp interfaces, the -i zhp+ option would be used.
Filter Rule Targets
As mentioned above the
construct within a rule specifies which target is to be used in filter rule
-j
to define a target.
Supported Targets
The following are the supported targets. The switch has many additional targets that are software
based (example Network Address Translation or generic connection tracking). Please contact HP
Technical support if you have additional questions on additional features.
Classical Targets
DROP
This drops the packet.
ACCEPT
Accepts the packet
Ethernet Switch Blade User's Guide
release 3.2.2j
page 111
Downloaded from
www.Manualslib.com
manuals search engine
Advertisement
Table of Contents
Troubleshooting
