Ip packet filter rule modifiers – Compatible Systems 5.4 User Manual

192

Chapter 11 - TCP/IP Filtering

v Note: RFC 1700 "Assigned Numbers" contains a listing of all currently
assigned IP protocol keywords and numbers.

IP Packet Filter Rule Modifiers

These modifiers act to restrict the type of packets which will match a filter
rule.

•

IP This option specifies that all packets from the source and destination
IP address and mask will match this rule. If no particular IP protocol
packet type (TCP, UDP, ICMP, GRE, AH, ESP or OSPF) is specified,
IP is assumed.

The IP protocols, other than IP itself, may be specified as a decimal
number or as a keyword. The supported keywords are followed by their
protocol numbers for your reference.

TCP (6)

UDP (17)

ICMP (1)

GRE (47)

AH (51)

OSPF (89)

ESP (50)

•

TCP
or TCP src <expression> <port>
or TCP dst <expression> <port>
or TCP est
or TCP src <expression> <port> est
or TCP dst <expression> <port> est

This modifier allows filtering on TCP (Transmission Control Protocol)
packets. A source or destination port may be filtered by including the src
or dst specifiers, followed by a logical expression and a port (as
described in the subsection above).

ICMP

TYPES

:

echo-reply (0)

dest-unrch (3)

src-quench (4)

redirect (5)

echo, ping (8)

time-exceed (11)

param-prob (12)

time (13)

time-reply (14)

info (15)

info-reply (16)

mask (17)

mask-reply (18)