No subject
Tue Jun 4 12:17:20 MDT 2013
There are 10 filters.
The following example blocks all web access.
set filter 0 on deny all 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port 80
The following example blocks all telnet access from the 192.168.0.25 network.
set filter 1 on deny all 192.168.0.0 255.255.255.0 0.0.0.0 0.0.0.0 port 23
The following example accepts telnet access from the host 192.168.0.25.
set filter 2 on allow all 192.168.0.25 255.255.255.255 0.0.0.0 0.0.0.0 port 23
The following example blocks all FTP access on a wan port.
set filter 3 on deny wan0-1 0.0.0.0 0.0.0.0 0.0.0.0 0.0.0.0 port 21
The following example turns off the first filter.
set filter 0 off
---------------------
set filter {code} {on | off | reset} [deny | allow] {incoming | outgoing} {interface eth0 | wan0-0 | all} {src-ip src-mask dest-ip dest-mask} [protocol TCP | UDP | ICMP] [srcport lo - hi] [destport lo - hi]
Syntax Description

code
    Enter the filter number to be modified. Valid filter code values are 0 through 19.
on | off | reset
    Enables, disables or resets the filter. Reset allows you to reset a filter to default values without removing an entire configuration.
deny | allow
    Specifies whether the filter is to allow or deny packets that match the filter's address and mask.
incoming | outgoing
    Specifies direction of traffic to be filtered; required.
interface eth0 | wan0-0 | all
    Displays the Interface on which to apply the filter. This can be a particular interface such as eth0 or wan0-x or all interfaces.
src-ip
    Enter the source IP address for packets.
src-mask
    Enter the mask to be applied to source IP address. This allows the filter to match a group of incoming IP addresses.
dest-ip
    Enter the destination IP address of outgoing packets.
dest-mask
    Enter the mask to be applied to destination IP address. This allows the filter to match a group of outgoing IP addresses.
protocol TCP | UDP | ICMP
    Specify which protocol to match; optional.
srcport lo - hi
    Displays the inclusive range of source port numbers to block; 1 - 65535 matches all source ports.
destport lo - hi
    Displays the inclusive range of destination port numbers to block; 1 - 65535 matches all destination ports.
LP
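
An added example, not part of the original message or the device's documentation: a small checker that parses a rule written in the full syntax shown above and tests whether a given packet would match it, so a rule can be sanity-checked before it is typed into the router. It assumes that a field matches when (address AND mask) equals (rule address AND mask) and that an omitted port range means 1 - 65535; the names parse_rule, matches and TELNET_DENY are made up for the example, and direction, interface and rule ordering are parsed but not modelled.

```python
import ipaddress
import re

# Follows the syntax line in the post; the shorter "port N" form is not accepted.
RULE_RE = re.compile(
    r"set filter (?P<code>\d+) on (?P<action>deny|allow) "
    r"(?P<direction>incoming|outgoing) interface (?P<iface>\S+) "
    r"(?P<sip>\S+) (?P<smask>\S+) (?P<dip>\S+) (?P<dmask>\S+)"
    r"(?: protocol (?P<proto>TCP|UDP|ICMP))?"
    r"(?: srcport (?P<slo>\d+) - (?P<shi>\d+))?"
    r"(?: destport (?P<dlo>\d+) - (?P<dhi>\d+))?"
)

def ip_to_int(text):
    # IPv4Address rejects malformed fields such as a trailing dot.
    return int(ipaddress.IPv4Address(text))

def parse_rule(line):
    m = RULE_RE.fullmatch(" ".join(line.split()))
    if m is None:
        raise ValueError("not in the documented form: %r" % line)
    rule = m.groupdict()
    rule["code"] = int(rule["code"])
    if not 0 <= rule["code"] <= 19:
        raise ValueError("filter code must be 0 through 19")
    for key in ("sip", "smask", "dip", "dmask"):
        rule[key] = ip_to_int(rule[key])
    for lo, hi in (("slo", "shi"), ("dlo", "dhi")):
        # Assumption: an omitted range is treated as 1 - 65535 (all ports).
        rule[lo] = int(rule[lo] or 1)
        rule[hi] = int(rule[hi] or 65535)
        if not 1 <= rule[lo] <= rule[hi] <= 65535:
            raise ValueError("port range must satisfy 1 <= lo <= hi <= 65535")
    return rule

def matches(rule, src, dst, proto, sport=None, dport=None):
    # Assumed semantics: a field matches when (packet & mask) == (rule & mask).
    if rule["proto"] and rule["proto"] != proto:
        return False
    if (ip_to_int(src) & rule["smask"]) != (rule["sip"] & rule["smask"]):
        return False
    if (ip_to_int(dst) & rule["dmask"]) != (rule["dip"] & rule["dmask"]):
        return False
    if proto in ("TCP", "UDP"):  # ICMP carries no ports
        return (rule["slo"] <= sport <= rule["shi"]
                and rule["dlo"] <= dport <= rule["dhi"])
    return True

# Constructed rule: deny telnet arriving on eth0 from 192.168.0.0/24.
TELNET_DENY = parse_rule("set filter 1 on deny incoming interface eth0 "
    "192.168.0.0 255.255.255.0 0.0.0.0 0.0.0.0 protocol TCP destport 23 - 23")
```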