Section 31.3.3 – Westermo RedFox Series User Manual
Page 735
Westermo OS Management Guide
Version 4.17.0-0
Default values Enabled
31.3.3
Configure Packet Filter Rule
Syntax [no] filter [pos <NUM>] <allow|deny> [in <IFNAME>]
[out <IFNAME>] [src <ADDR[/LEN]>] [dst <ADDR[/LEN]>]
[dport <PORTRANGE>] [proto <NAME|NUM>] [passive] [log]
Context
context
Usage Add or delete a packet filter allow or deny rule.
❼ Rule maintenance parameters (insert position, activate/deactivate or
delete rule):
– Allow and deny rules are inserted (and thus evaluated) in a certain
order in the input or forward filter. The ”pos <NUM>” parameter con-
trols at what position in the rule order this packet filter rule should
be inserted, or when it comes to removing a rule, which packet fil-
ter rule to remove. The order is kept compact (see ”Delete rule”
below). Use the ”show filter” command to list the current packet
filter rule list and their position numbers. Examples:
✯ Insert rule: Use, e.g., ”filter pos 4 allow in vlan2” will in-
sert an allow rule at a specific position (here position 4) in the
list of packet filter rules. The rule previously at position 4 will
now have position 5, and so on.
If no position argument is given, the packet filter rule will be in-
serted last in the list. The position of a command can be modified
using the ”move” command (see
✯ Delete rule: Use, e.g., ”no filter pos 5” to delete the packet
filter rule (allow or deny) at a specific position (here position 5)
in the list of packet filter rules. The rule previously at position 6
will now have position 5, and so on, keeping the list compact.
A rule can also be deleted by using the no-form of the filter speci-
fication, e.g., the rule ”filter deny in vlan1 out vlan2” can
be deleted by the command ”no filter deny in vlan1 out
vlan2”.
– The ”passive” parameter specify that this rule is created as in-
active. It will be shown in config but not used. To enable use
➞ 2015 Westermo Teleindustri AB
735