Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

”passive” command, see

section 31.3.11

.

– The ”log” parameter enables logging for traffic that matches this

filter rule. Nothing will however be logged if logging is enabled
here but disabled under the common settings. See

section 31.3.12

.

Note: Logging differs in behavior between policy Accept and Deny.
See

section 31.1.6

for more details.

❼ Filter specification parameters:

– The first parameter is mandatory and select the action type ”allow”

or ”deny”.

– The ”in ” and ”src ” are used to match

the inbound interface and source IP address of a packet. If the ”LEN”
parameter is omitted the ”src ]” argument will match
a single source IP address. If included it will match a whole IP sub-
net.

– Include the ”out ” and/or ”dst ” arguments

to define a FORWARDING rule (i.e., packets being routed through the
switch). If both the ”out ” and the ”dst ”
arguments are omitted, the rule will apply to the INPUT chain, i.e.,
traffic destined to the switch itself (ICMP pings, SSH management,
etc.).
The ”out ” argument is used to match the outbound in-
terface of a packet.

Use the ”dst ” to match a single destination IP ad-
dress or whole subnet. If both the ”out ” and the ”dst
” arguments are omitted, the rule will apply to the
INPUT chain, i.e., traffic destined to the switch itself (ICMP pings,
SSH management, etc.).

– Use the ”proto ” to match the IP protocol name, e.g.,

tcp, udp or icmp. It is also possible to specify the protocol’s assigned
number, see

http://www.iana.org/assignments/protocol-numbers/

.

– Use the ”dport ” argument to specify a UDP or TCP

port number or port range (ex: 1000-1010). This argument is only
valid if ”proto udp” or ”proto tcp” is included.

Default values Not applicable.

736

➞ 2015 Westermo Teleindustri AB