6-30 CHAPTER 6: MANUAL SETUP
The OR operation can be implemented by successive rules. For example, to accept
a packet if the source address is xxx, or the destination address is yyy, the
following rules are used:
IP:
1 ACCEPT src-addr=xxx;
2 ACCEPT dst-addr=yyy;
999 DENY;
(This will only accept packets from the specified address(es); all other packets will
be rejected.)
The following table describes the keywords for each protocol section and their
legal operators used in the rule syntax. Value ranges are also given where ddd is a
decimal between 1 and 255, mask is a decimal between 1 and 32, and xx is a hex
number:
Field      Description
line #     Each rule must have a unique line number from 1-10, plus 999 for the DENY verb.
           You must arrange rules in increasing order.
Verb       This field can be one of the following:
           ACCEPT - Allow the packet access if the condition is met (use with the DENY verb
           to reject all other packets).
           REJECT - Do not allow the packet access if the condition is met.
           AND - Logically AND this rule's condition with the condition of the next rule to
           determine whether the packet is accepted or rejected. Both conditions must be met.
Keyword    The keyword for the protocol section; the keywords for each protocol, with their
           descriptions, corresponding operators and values, are listed in Table 6-4.
Operator   Describes the relationship between the keyword and its value. The operator field
           must be one of the following:
           =    Equal
           !=   Not equal
           >    Greater than
           <    Less than
           >=   Greater or equal
           <=   Less or equal
           =>   Generic
value      Contains an entity that is appropriate for the keyword.
Table 6-4 Protocol Keywords

Protocol Section  Keyword       Operators  Description and Value Range
IP                src-addr      =, !=      Source IP address (ddd.ddd.ddd.ddd/mask)
                  dst-addr      =, !=      Destination IP address (ddd.ddd.ddd.ddd/mask)
                  tcp-src-port  all        TCP source port (1-65535)
                  tcp-dst-port  all        TCP destination port (1-65535)
                  udp-src-port  all        UDP source port (1-65535)
                  udp-dst-port  all        UDP destination port (1-65535)
                  protocol      =, !=      IP protocol (UDP, TCP, ICMP)
                  generic       =          Generic filter
IP-RIP            network       =, !=      IP network number (ddd.ddd.ddd.ddd/mask)
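As an added example that is not part of the manual, the following Python script parses rules written in the syntax described above (line number, verb, keyword, operator, value) and evaluates a packet against them, including the OR-by-successive-rules pattern and the AND verb. It assumes first-match semantics (the first ACCEPT, REJECT or DENY whose condition holds decides), represents a packet as a dict keyed by the manual's keywords, and uses a constructed rule set; the manual itself does not specify these details.

```python
import ipaddress
import operator
import re

# Constructed rule set (not from the manual): accept packets from 10.0.0.0/8, OR packets
# to 192.168.1.1, OR (via AND) TCP packets to a port above 1023; deny everything else.
RULES = """
1 ACCEPT src-addr=10.0.0.0/8;
2 ACCEPT dst-addr=192.168.1.1/32;
3 AND protocol=TCP;
4 ACCEPT tcp-dst-port>1023;
999 DENY;
"""
OPS = {"=": operator.eq, "!=": operator.ne, ">": operator.gt,
       "<": operator.lt, ">=": operator.ge, "<=": operator.le}
RULE_RE = re.compile(r"^(\d+)\s+(ACCEPT|REJECT|DENY|AND)"
                     r"(?:\s+([a-z-]+)\s*(!=|>=|<=|=|>|<)\s*(\S+))?;$")

def parse_rules(text):
    # 'line# verb [keyword operator value];' -> (num, verb, key, op, val), sorted by line#
    matches = [RULE_RE.match(line.strip()) for line in text.strip().splitlines()]
    if not all(matches):
        raise ValueError("malformed rule in rule set")
    return sorted(((int(m[1]), m[2], m[3], m[4], m[5]) for m in matches), key=lambda r: r[0])

def condition_holds(packet, key, op, val):
    # packet is a dict keyed by the manual's keywords (src-addr, protocol, tcp-dst-port, ...)
    if key is None:                      # bare verb such as '999 DENY;' matches everything
        return True
    if key not in packet:                # e.g. tcp-dst-port tested against a UDP packet
        return False
    if key in ("src-addr", "dst-addr"):  # ddd.ddd.ddd.ddd/mask, operators = and != only
        inside = ipaddress.ip_address(packet[key]) in ipaddress.ip_network(val, strict=False)
        return inside if op == "=" else not inside
    if key == "protocol":
        return OPS[op](packet[key].upper(), val.upper())
    return OPS[op](int(packet[key]), int(val))  # port keywords accept all operators

def evaluate(rules, packet):
    # First match decides (assumed first-match semantics); an AND rule gates the rule after it.
    carry = True
    for _, verb, key, op, val in rules:
        hit = carry and condition_holds(packet, key, op, val)
        if verb == "AND":
            carry = hit
            continue
        carry = True
        if hit:
            return verb
    return "DENY"                        # rule set without a catch-all: treated as deny
```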