Filter
Top Products
Telnet Command Reference Guide V1.1
29
2.5.2 ipf set (for 2950 series only)
This command is used to set filter rule for firewall.
ipf set [SET_NO] rule [RULE_NO] [Options]
ipf set [Options]
Syntax Description
SET_NO It means to specify the index number (from 1 to 12) of filter set.
RULE_NO It means to specify the index number (from 1 to 7) of filter rule set.
Options There are several options provided here, such as -v, -c [SET_NO], -d
[SET_NO], -l [VALUE], - p [VALUE], -C [CSM_NO], -i [VALUE]
and -f [VALUE].
-v Type “-v” to view the configuration of general set
-c [SET_NO] It means to setup Call Filter, e.g., -c 2. The range for the index
number you can type is “0” to “12” (0 means “disable).
-d [SET_NO] It means to setup Data Filter, e.g., -d 3. The range for the index
number you can type is “0” to “12” (0 means “disable).
-l [VALUE] It means to setup Log Flag, e.g., -l 2
Type “0” to disable the log flag.
Type “1” to display the log of passed packet.
Type “2” to display the log of blocked packet.
Type “3” to display the log of non-matching packet.
- p [VALUE] It means to setup actions for packet not matching any rule. e.g., -p 1
Type “0” to let all the packets pass;
Type “1” to block all the packets.
-C [CSM_NO] It means to setup CSM for packet not matching any rule. Type the
index number of CSM profile (0 to 32, 0=None), e.g., -C 32
-i [VALUE] It means to apply IP filter to VPN incoming packets.
Type “0” to disable; type “1” to enable, e.g., -i 1
-f [VALUE] It means to accept large incoming fragmented UDP or ICMP packets.
Type “0” to disable; type “1” to enable, e.g., -f 0
Example
> ipf set 2 rule 1 -p 0
Setting saved.
> ipf set 2 rule 1 -v
Filter Set 2 Rule 1:
Status : Enable
Comments : xNetBios -> DNS
Index(1-15) in Schedule Setup: <null>, <null>, <null>, <null>
Direction : LAN -> WAN
Source IP : Any
Destination IP : Any
Service Type : TCP/UDP, Port: from 137~139 to 53