3.9.14 Setting the IP Packet Filtering Rules for the XSCF Network
3.9.14 Setting the IP Packet Filtering Rules for the XSCF Network
To confirm the IP packet filtering rules that are set for the XSCF network, use the showpacketfilters command. Also, to set the IP packet filtering rules, use the setpacketfilters command. Execute the setpacketfilters command with a user account that has the platadm or fieldeng privilege.
You can set the XSCF network IP filtering rules for input packets only. No such rules can be set for output packets.
You can set the XSCF network IP filtering rules for input packets only. No such rules can be set for output packets.
- Execute the showpacketfilters command to display the IP packet filtering rules for the XSCF-LAN.
The following example displays the set IP packet filtering rules for the XSCF network.
XSCF> showpacketfilters -a -i bb#00-lan#0 -j ACCEPT -i bb#01-lan#1 -j ACCEPT -s 173.16.0.0/255.255.0.0 -j ACCEPT -s 205.168.148.100/255.255.255.255 -j ACCEPT |
- The following example displays the applied IP packet filtering rules.
XSCF> showpacketfilters -l pkts bytes target prot in source 124 102K ACCEPT all bb#00-lan#0 0.0.0.0/0.0.0.0 0 0 ACCEPT all bb#00-lan#1 0.0.0.0/0.0.0.0 0 0 ACCEPT all * 173.16.0.0/255.255.0.0 0 0 ACCEPT all * 205.168.148.100 |
- The following example shows that no IP packet filtering rules are set.
XSCF> showpacketfilters -a XSCF> |
- Execute the setpacketfilters command to set an IP packet filtering rule.
The priority among the IP packet filtering rules follows the order in which they were set.
The following example permits packets to pass through the IP addresses 192.168.100.0/255.255.255.0.
XSCF> setpacketfilters -y -c add -i bb#00-lan#0 -s 192.168.100.0/255.255.255.0 -j ACCEPT -s 192.168.100.0/255.255.255.0 -i bb#00-lan#0 -j ACCEPT NOTE: applied IP packet filtering rules. Continue? [y|n] :y |
- The following example permits packets to pass through the IP addresses 192.168.100.0/255.255.255.0 for XSCF-LAN#0 of BB#00.
XSCF> showpacketfilters -a -s 192.168.100.0/255.255.255.0 -i bb#00-lan#0 -j ACCEPT XSCF> XSCF> setpacketfilters -y -c add -i bb#00-lan#0 -j DROP -s 192.168.100.0/255.255.255.0 -i bb#00-lan#0 -j ACCEPT -i bb#00-lan#0 -j DROP NOTE: applied IP packet filtering rules. Continue? [y|n] :y XSCF> XSCF> showpacketfilters -a -s 192.168.100.0/255.255.255.0 -i bb#00-lan#0 -j ACCEPT -i bb#00-lan#0 -j DROP |
- The following example deletes a setting for discarding communication from 10.10.10.10.
XSCF> showpacketfilters -a -s 172.16.0.0/255.255.0.0 -i bb#00-lan#0 -j DROP -s 10.10.10.10 -j DROP XSCF> XSCF> setpacketfilters -y -c del -s 10.10.10.10 -j DROP -s 172.16.0.0/255.255.0.0 -i bb#00-lan#0 -j DROP NOTE: applied IP packet filtering rules. Continue? [y|n] :y XSCF> XSCF> showpacketfilters -a -s 172.16.0.0/255.255.0.0 -i bb#00-lan#0 -j DROP |
- The following example clears all the set IP packet filtering rules.
XSCF> setpacketfilters -c clear (none) NOTE: applied IP packet filtering rules. Continue? [y|n] :y |
< Previous Page | Next Page >