Motorola 3347 User Manual

Page 262

Stateful Inspection

Stateful inspection options are accessed by the security state-insp tag.

set security state-insp [ ip-ppp | dsl ] vccn option [ off | on ]

set security state-insp ethernet [ A | B ] option [ off | on ]

Turns the stateful inspection option off or on for the specified interface. This option is disabled by default. Stateful inspection prevents unsolicited inbound access when NAT is disabled.

set security state-insp [ ip-ppp | dsl ] vccn default-mapping [ off | on ]
set security state-insp ethernet [ A | B ] default-mapping [ off | on ]

Turns the stateful inspection default mapping to router option off or on for the specified interface.

set security state-insp [ ip-ppp | dsl ] vccn tcp-seq-diff [ 0 - 65535 ]
set security state-insp ethernet [ A | B ] tcp-seq-diff [ 0 - 65535 ]

Sets the acceptable TCP sequence difference on the specified interface. The maximum allowed TCP sequence number difference is 65535. A tcp-seq-diff value of 0 disables this check.

set security state-insp [ ip-ppp | dsl ] vccn deny-fragments [ off | on ]
set security state-insp ethernet [ A | B ] deny-fragments [ off | on ]

Sets whether fragmented packets are allowed to be received or not on the specified interface.

set security state-insp tcp-timeout [ 30 - 65535 ]

Sets the stateful inspection TCP timeout interval, in seconds.
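
The following is an added example, not part of the Motorola manual: a Python check that reads saved "set security state-insp" lines, validates them against the ranges listed on this page, and reports interfaces where stateful inspection is off or where tcp-seq-diff 0 disables the sequence check. The sample configuration is constructed, and treating the n in vccn as a number is an assumption.

```python
import re

# Grammar follows the command forms on this page; a numeric vcc suffix is assumed.
_LINE = re.compile(
    r"^set security state-insp (?:"
    r"(?P<iface>(?:ip-ppp|dsl) vcc\d+|ethernet [AB]) "
    r"(?P<key>option|default-mapping|deny-fragments|tcp-seq-diff) (?P<val>\S+)"
    r"|tcp-timeout (?P<timeout>\d+))$"
)

# Constructed sample configuration, for illustration only.
SAMPLE = """\
set security state-insp ethernet A option on
set security state-insp ethernet A tcp-seq-diff 0
set security state-insp dsl vcc1 deny-fragments on
set security state-insp ethernet B tcp-seq-diff 70000
set security state-insp tcp-timeout 20
"""


def audit(config_text):
    """Return (settings per interface, findings) for the state-insp lines."""
    settings, findings = {}, []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise spacing
        if not line.startswith("set security state-insp"):
            continue
        m = _LINE.match(line)
        if not m:
            findings.append(f"unrecognised syntax: {line}")
            continue
        if m["timeout"]:
            if not 30 <= int(m["timeout"]) <= 65535:
                findings.append(f"tcp-timeout {m['timeout']} outside 30-65535")
            continue
        iface, key, val = m["iface"], m["key"], m["val"]
        numeric = key == "tcp-seq-diff"
        ok = val.isdigit() and int(val) <= 65535 if numeric else val in ("on", "off")
        if not ok:
            findings.append(f"{iface}: {key} {val} is not a valid value")
            continue
        settings.setdefault(iface, {})[key] = val
    for iface, s in sorted(settings.items()):
        # The page states that the option is disabled by default.
        if s.get("option", "off") == "off":
            findings.append(f"{iface}: stateful inspection is off")
        if s.get("tcp-seq-diff") == "0":
            findings.append(f"{iface}: tcp-seq-diff 0 disables the sequence check")
    return settings, findings
```

Calling audit(SAMPLE) returns the parsed settings for each interface together with the list of findings; an interface appears in the settings only when at least one valid line mentions it.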
