4 lan ip filter, Lan ip filter, Command – FUJITSU XG Series P3NK-4452-01ENZD User Manual

XG Series User's Guide

Chapter 5 Command Reference

LAN Information Settings

186

5.5.1.4

lan ip filter

Function

Set the IP filter.

Available Model

XG0224 / XG0448 / XG2600

Syntax

lan [<number>] ip filter <count> <action> acl <acl_count>

Options

<number>
• lan definition number

Specify a lan definition serial number with a decimal value.
The default is 0.

<count>
• Filtering definition number

Specify a definition number, which indicates a filtering priority, with a decimal value.
The specified value is sorted and renumbered in sequence. If a filtering definition with
the same value already exists, the existing one will be changed.

<action>
Set whether or not to transmit the packet to be filtered.
• pass

Transmit the relevant packet.

• reject

Block the relevant packet.

<acl_count>
• ACL definition number

Specify the required ACL definition number with a decimal value.
If the ACL specified in <acl_count> is not defined, the filtering definition will be disabled
and ignored.
Use the following ACL definition for IP filter.
- ip

If the ip value is not set, the filtering definition will be disabled and ignored.

- tcp

Available only when "6" is set in <protocol> of ip.
Otherwise, the set value is ignored.
If the tcp value is not set while "6" is set in <protocol> of ip, each value of tcp will be
assumed to be "any".

- udp

Available only when "17" is set in <protocol> of ip.
Otherwise, the set value is ignored.
If the udp value is not set while "17" is set in <protocol> of ip, each value of udp is
assumed to be "any".

- icmp

Available only when "1" is set in <protocol> of ip.
Otherwise, the set value is ignored.
If the icmp value is not set while "1" is set in <protocol> of ip, each value of icmp will
be assumed to be "any".

Use Mode

Configuration mode (admin class)

Range

Model

0 to 511

XG0224 / XG0448

0 to 63

XG2600