beautypg.com

FUJITSU SPARC ENTERPRISE M9000 User Manual

Page 277

background image

setpacketfilters(8)

System Administration

253

EXTENDED

DESCRIPTION

When the command is executed, a prompt to confirm execution of the command
with the specified options is displayed. Enter "y" to execute the command or "n"
to cancel the command.

The IP packet filtering rules are applied in the order in which they are defined.

Rules for permitted senders must be defined before filter restrictions. First,
configure permitted senders; then, configure the setting for dropped packets. If
specified in reverse order, all IP packets will be dropped.

Improper filtering rules can prevent normal network functions for the interface.

If both the -i interface and the -s address [/mask] options are omitted, the rule is
applied to all IP packets received through XSCF-LAN.

If the netmask value specified by the -s address [/mask] option does not
correspond to any of the following, an error results.

Only the most significant bit is 1

Repeated 1 from the most significant bit

A rule which overlaps with an already-defined IP packet filtering rule cannot be
set.

Up to 16 IP packet filtering rules can be set.

If a message indicates that the XSCF must be reset, do so using the
rebootxscf

(8) command.

Use the showpacketfilters(8) command to display the current IP packet
filtering rules.

EXAMPLES

EXAMPLE 1

Drops the IP packet sent from the IP address 10.10.10.10.

-s

address[/mask]

Specifies the sender of the IP packet. Either an IP address or a
network IP address with a netmask (/mask) added can be
specified.

To specify an IP address or a network IP address, use the
standard form of four integer values delimited by "." (periods).
For example, use xxx.xxx.xxx.xxx, where xxx is an integer from
0-255. Zero suppression can be used to specify the integer.

If the -s option is omitted, the filtering rule is applied to all IP
packets received via the specified network interface.

-y

Automatically answers "y" (no) to all prompts.

XSCF>

setpacketfilters -c add -s 10.10.10.10 -j DROP

-s 10.10.10.10/255.255.255.255 -j DROP

See also other documents in the category FUJITSU Computers: