Skip to main content

3.9.14 Setting the IP Packet Filtering Rules for the XSCF Network


3.9.14 Setting the IP Packet Filtering Rules for the XSCF Network
To confirm the IP packet filtering rules that are set for the XSCF network, use the showpacketfilters command. Also, to set the IP packet filtering rules, use the setpacketfilters command. Execute the setpacketfilters command with a user account that has the platadm or fieldeng privilege.
You can set the XSCF network IP filtering rules for input packets only. No such rules can be set for output packets.
  1. Execute the showpacketfilters command to display the IP packet filtering rules for the XSCF-LAN.
    The following example displays the set IP packet filtering rules for the XSCF network.
XSCF> showpacketfilters -a
-i bb#00-lan#0 -j ACCEPT

-i bb#01-lan#1 -j ACCEPT

-s 173.16.0.0/255.255.0.0 -j ACCEPT

-s 205.168.148.100/255.255.255.255 -j ACCEPT
  1. The following example displays the applied IP packet filtering rules.
XSCF> showpacketfilters -l
pkts bytes target prot in source
124 102K ACCEPT all bb#00-lan#0 0.0.0.0/0.0.0.0
0 0 ACCEPT all bb#00-lan#1 0.0.0.0/0.0.0.0
0 0 ACCEPT all * 173.16.0.0/255.255.0.0
0 0 ACCEPT all * 205.168.148.100
  1. The following example shows that no IP packet filtering rules are set.
XSCF> showpacketfilters -a
XSCF>
  1. Execute the setpacketfilters command to set an IP packet filtering rule.
    The priority among the IP packet filtering rules follows the order in which they were set.
    The following example permits packets to pass through the IP addresses 192.168.100.0/255.255.255.0.
XSCF> setpacketfilters -y -c add -i bb#00-lan#0 -s
192.168.100.0/255.255.255.0 -j ACCEPT
-s 192.168.100.0/255.255.255.0 -i bb#00-lan#0 -j ACCEPT

NOTE: applied IP packet filtering rules.
Continue? [y|n] :y
  1. The following example permits packets to pass through the IP addresses 192.168.100.0/255.255.255.0 for XSCF-LAN#0 of BB#00.
XSCF> showpacketfilters -a
-s 192.168.100.0/255.255.255.0 -i bb#00-lan#0 -j ACCEPT

XSCF>
XSCF> setpacketfilters -y -c add -i bb#00-lan#0 -j DROP
-s 192.168.100.0/255.255.255.0 -i bb#00-lan#0 -j ACCEPT

-i bb#00-lan#0 -j DROP

NOTE: applied IP packet filtering rules.
Continue? [y|n] :y
XSCF>
XSCF> showpacketfilters -a
-s 192.168.100.0/255.255.255.0 -i bb#00-lan#0 -j ACCEPT

-i bb#00-lan#0 -j DROP
  1. The following example deletes a setting for discarding communication from 10.10.10.10.
XSCF> showpacketfilters -a
-s 172.16.0.0/255.255.0.0 -i bb#00-lan#0 -j DROP

-s 10.10.10.10 -j DROP

XSCF>
XSCF> setpacketfilters -y -c del -s 10.10.10.10 -j DROP
-s 172.16.0.0/255.255.0.0 -i bb#00-lan#0 -j DROP

NOTE: applied IP packet filtering rules.
Continue? [y|n] :y
XSCF>
XSCF> showpacketfilters -a
-s 172.16.0.0/255.255.0.0 -i bb#00-lan#0 -j DROP
  1. The following example clears all the set IP packet filtering rules.
XSCF> setpacketfilters -c clear
(none)
NOTE: applied IP packet filtering rules.
Continue? [y|n] :y