15 match protocol – Fortinet 548B User Manual
Page 370
- 370 -
<tosmask> is a two-digit hexadecimal number from 00 to ff.
The <tosmask> denotes the bit positions in <tosbits> that are used for comparison against
the IP TOS field in a packet. For example, to check for an IP TOS value having bits 7 and 5 set
and bit 1 clear, where bit 7 is most significant, use a <tosbits> value of a0 (hex) and a
<tosmask> of a2 (hex).
i
The ip dscp, ip precedence, and ip tos match conditions are alternative ways to specify a
match criterion for the same Service Type field in the IP header, but with a slightly different
user notation.
In essence
, this the “free form” version of the IP DSCP/Precedence/TOS match
specification in that the user has complete control of specifying which bits of the IP Service
Type field are checked.
Default Setting
None
Command Mode
Class-Map Config
7.21.2.15 match protocol
This command adds to the specified class definition a match condition based on the value of the IP
Protocol field in a packet using a single keyword notation or a numeric value notation.
Syntax
match protocol {
<protocol-name> is one of the supported protocol name keywords. The currently supported values
are: icmp, igmp, ip, tcp, udp. Note that a value of ip is interpreted to match all protocol number
values. To specify the match condition using a numeric value notation, the protocol number is a
standard value assigned by IANA and is interpreted as an integer from 0 to 255.
i
This command does not validate the protocol number value against the current list defined
by IANA.
Default Setting
None
Command Mode
Class-Map Config / Ipv6-Class-Map Config