Asus GigaX2024SX User Manual

• All new rules are appended to the end of the list.

bnet mask, containing four integers from

“match” and 0 bits to indicate “ignore.” The bitmask is bitwise ANDed with the

n specify both Precedence and ToS in the same rule. However, if

edence nor ToS can be specified.

• The control-code bitmask is a decimal number (representing an equivalent bit

ed to the control code. Enter a decimal number, where the

h a bit and “0” means to ignore a bit.

The following bits may be specified:

- 4 (rst) – Reset

h) – Push

edgement

t pointer

value and mask below to catch packets with the

t:

- SYN flag valid, use “control-code 2 2”

CK valid, use “control-code 18 18”

• Address bitmasks are similar to a su
0 to 255, each separated by a period. The binary mask uses 1 bits to indicate

specified source IP address, and then compared with the address for each IP
packet entering the port(s) to which this ACL has been assigned.
• You ca
DSCP is used, then neither Prec

mask) that is appli
equivalent binary bit “1” means to matc

- 1 (fin) – Finish
- 2 (syn) – Synchronize

- 8 (ps
- 16 (ack) – Acknowl
- 32 (urg) – Urgen
For example, use the code
following flags se

- Both SYN and A
- SYN valid and ACK invalid, use “control-code 2 18”

Example
This example accepts any incoming packets if the source address is within subnet
10.7.1.x. For example, if the rule is matched; i.e., the rule (10.7.1.0 &
255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the
packet passes through.

This allows TCP packets from class C addresses 192.168.1.0 to any destination
address when set for destination TCP port 80 (i.e., HTTP).

This permits all TCP packets from class C addresses 192.168.1.0 with the TCP
control code set to “SYN.”

4-94