Lucent Technologies 6000 User Manual
MAX 6000/3000 Network Configuration Guide
Configuring IP Routing
Configuring WAN interfaces
Note: A filter definition cannot contain new lines. The syntax is shown here on multiple lines for printing purposes only.

Keyword or argument: Description

iptos: Specifies an IP filter.

dir: Specifies filter direction. You can specify in (to filter packets coming into the MAX) or out (to filter packets going out of the MAX).

dstip n.n.n.n/nn: If the dstip keyword is followed by a valid IP address, the TOS filter sets bytes only in packets with that destination address. If a subnet mask portion of the address is present, the MAX compares only the masked bits. If the dstip keyword is followed by the zero address (0.0.0.0), or if this keyword and its IP address specification are not present, the filter matches all IP packets.

srcip n.n.n.n/nn: If the srcip keyword is followed by a valid IP address, the TOS filter sets bytes only in packets with that source address. If a subnet mask portion of the address is present, the MAX compares only the masked bits. If the srcip keyword is followed by the zero address (0.0.0.0), or if this keyword and its IP address specification are not present, the filter matches all IP packets.

proto: Specifies a TCP/IP protocol number. A value of zero matches all protocols. If you specify a nonzero number, the MAX compares it to the Protocol field in packets. For a complete list of protocol numbers, see RFC 1700.

dstport cmp value: If the dstport keyword is followed by a comparison symbol and a port, the MAX compares the specified port to the destination port of a packet. The comparison symbol can be < (less-than), = (equal), > (greater-than), or != (not-equal). The port value can be one of the following names or numbers: ftp-data (20), ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp (69), gopher (70), finger (79), www (80), kerberos (88), hostname (101), nntp (119), ntp (123), exec (512), login (513), cmd (514), or talk (517).

srcport cmp value: If the srcport keyword is followed by a comparison symbol and a port name or number, the MAX compares the specified port to the source port of a packet. The comparison symbol can be < (less-than), = (equal), > (greater-than), or != (not-equal). The port value can be one of the following names or numbers: ftp-data (20), ftp (21), telnet (23), smtp (25), nameserver (42), domain (53), tftp (69), gopher (70), finger (79), www (80), kerberos (88), hostname (101), nntp (119), ntp (123), exec (512), login (513), cmd (514), or talk (517).
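
An added example (not from the manual) that models the matching rules in the table above in Python, so you can check which packets a given filter would select: masked address comparison, the zero-address and proto 0 wildcards, and port comparisons. The dict field names, the treatment of an absent proto or port keyword as "no condition", and the operand order (packet port on the left of the comparison symbol) are assumptions; dir is not modelled.

```python
import ipaddress
import operator

# Port names and numbers as listed in the table above.
PORT_NAMES = {
    "ftp-data": 20, "ftp": 21, "telnet": 23, "smtp": 25, "nameserver": 42,
    "domain": 53, "tftp": 69, "gopher": 70, "finger": 79, "www": 80,
    "kerberos": 88, "hostname": 101, "nntp": 119, "ntp": 123,
    "exec": 512, "login": 513, "cmd": 514, "talk": 517,
}
CMP = {"<": operator.lt, "=": operator.eq, ">": operator.gt, "!=": operator.ne}

def addr_matches(spec, addr):
    """spec is 'n.n.n.n' or 'n.n.n.n/nn'; absent (None) or zero address matches all."""
    if spec is None:
        return True
    iface = ipaddress.ip_interface(spec)
    if int(iface.ip) == 0:
        return True
    # With a /nn mask only the masked bits are compared; without one, all 32.
    return ipaddress.ip_address(addr) in iface.network

def port_matches(spec, port):
    """spec is (comparison symbol, port name or number); None means no condition (assumption)."""
    if spec is None:
        return True
    cmp_symbol, value = spec
    wanted = PORT_NAMES[value] if value in PORT_NAMES else int(value)
    return CMP[cmp_symbol](port, wanted)  # operand order is an assumption

def filter_matches(flt, pkt):
    """flt: dict keyed by the table's keywords; pkt: dict of packet header fields."""
    proto = flt.get("proto", 0)  # absent proto treated as 0, i.e. all protocols (assumption)
    return (
        addr_matches(flt.get("dstip"), pkt["dst"])
        and addr_matches(flt.get("srcip"), pkt["src"])
        and (proto == 0 or proto == pkt["proto"])
        and port_matches(flt.get("dstport"), pkt["dport"])
        and port_matches(flt.get("srcport"), pkt["sport"])
    )

# Constructed sample filter and packets (not from the manual).
SAMPLE_FILTER = {"dstip": "10.1.2.7/24", "proto": 6, "dstport": ("=", "www")}
SAMPLE_PACKETS = [
    {"src": "192.0.2.10", "dst": "10.1.2.200", "proto": 6, "sport": 40000, "dport": 80},
    {"src": "192.0.2.10", "dst": "10.1.3.200", "proto": 6, "sport": 40000, "dport": 80},
    {"src": "192.0.2.10", "dst": "10.1.2.200", "proto": 17, "sport": 40000, "dport": 80},
]
print([filter_matches(SAMPLE_FILTER, p) for p in SAMPLE_PACKETS])
```

Note that a filter whose dstip and srcip are both absent or zero, with proto 0 and no port conditions, selects every IP packet, which is worth checking for before a definition is deployed.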