Global filterset (“ipv6 firewall”) commands – ARRIS 2247-N8-10NA (v9.1.x) Admin Handbook User Manual

Administrator’s Handbook

32

Default actions

If a packet passes through all of a filter's rules without a match, then the filterset's default-actions come into
play. These behave the same way that rule actions behave.

set filterset name filterset_name default-action set-qos-marker qos_marker_string

Tags the packet according to the queue marker name.

set filterset name filterset_name default-action set-tos number

Sets the packet TOS field to the supplied value.

set filterset name filterset_name default-action set-dscp [ number |diffserv_class_string ]

Sets the DSCP field to the supplied value.

set filterset name filterset_name default-action set-eth-p-bits number

Sets VLAN priority bits to the supplied value.

set filterset name filterset_name default-action do-filterset name

Executes the supplied filterset.

set filterset name filterset_name default-action forward [ pass | drop | reject ]

Executes the named filterset’s default action:

pass

,

drop

, or

reject

.

Global Filterset (“IPv6 Firewall”) commands

Global filtersets exist at the root level of the hierarchy, outside the umbrella of both the “

ip

” and “

ip6

” sub-

trees, since they pertain to both.

Global filterset rules allow for the specification of these match attributes:

‹

IP Protocol

‹

Source and/or Destination Port
UDP
TCP

‹

TCP flags, for rules that specify TCP traffic

‹

ICMP Type, for IP-protocol types 1 (ICMP) and 58 (IPv6-ICMP)

‹

LAN-side device/range
By MAC address (or current IPv4/6 address, host name, equivalently)
IPv4 address, range, or subnet
IPv6 address or subnet

‹

WAN-side range
IPv4 address, range, or subnet
IPv6 address or subnet

‹

Ingress and egress interface, by link-oid (e.g. “LAN”)

set gfs name filterset_name enable [ on | off ]

Dynamically enables or disables the specified filterset rule.