Westermo RedFox Series User Manual
Page 736

Westermo OS Management Guide
Version 4.17.0-0
”passive” command, see
– The ”log” parameter enables logging for traffic that matches this
filter rule. However, nothing is logged if logging is enabled here
but disabled under the common settings. See
Note: Logging differs in behavior between policy Accept and Deny.
See
for more details.
❼ Filter specification parameters:
– The first parameter is mandatory and selects the action type ”allow”
or ”deny”.
– The ”in <IFNAME>” and ”src <ADDR[/LEN]>” arguments are used to match
the inbound interface and source IP address of a packet. If the ”LEN”
parameter is omitted, the ”src <ADDR[/LEN]>” argument will match
a single source IP address. If included, it will match a whole IP subnet.
– Include the ”out <IFNAME>” and/or ”dst <ADDR[/LEN]>” arguments
to define a FORWARDING rule (i.e., packets being routed through the
switch). If both the ”out <IFNAME>” and the ”dst <ADDR[/LEN]>”
arguments are omitted, the rule will apply to the INPUT chain, i.e.,
traffic destined to the switch itself (ICMP pings, SSH management,
etc.).
The ”out <IFNAME>” argument is used to match the outbound interface
of a packet.
Use the ”dst <ADDR[/LEN]>” argument to match a single destination IP
address or whole subnet.
– Use the ”proto <NAME|NUM>” to match the IP protocol name, e.g.,
tcp, udp or icmp. It is also possible to specify the protocol’s assigned
number, see
– Use the ”dport <PORTRANGE>” argument to specify a UDP or TCP
port number or port range (e.g., 1000-1010). This argument is only
valid if ”proto udp” or ”proto tcp” is included.
Default values: Not applicable.
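The sketch below is an added example, not Westermo code: it parses only the parameter portion of a filter rule as described above, derives whether the rule lands on the INPUT or FORWARD chain, enforces the ”dport” restriction, and lists allow rules that reach the switch itself from any source. The function names, the sample rules and interface names, and accepting ”log” as a bare keyword at any position are assumptions.

```python
import ipaddress

# Keywords from the parameter list above; each one takes exactly one value.
KEYS = {"in", "out", "src", "dst", "proto", "dport"}
# Constructed sample rules; interface names and addresses are made up.
SAMPLE = [
    "allow in vlan1 src 192.168.1.0/24 proto tcp dport 22",
    "allow in vlan2 proto tcp dport 22 log",
    "deny in vlan1 out vlan2 dst 10.0.0.5 proto udp dport 1000-1010",
]

def parse_filter_spec(spec):
    """Parse 'allow|deny [in IF] [src A[/L]] ...' into a validated dict."""
    tokens = spec.split()
    if not tokens or tokens[0] not in ("allow", "deny"):
        raise ValueError("first parameter must be 'allow' or 'deny'")
    rule = {"action": tokens[0], "log": False}
    i = 1
    while i < len(tokens):
        key = tokens[i]
        if key == "log":  # assumption: bare keyword, any position
            rule["log"], i = True, i + 1
            continue
        if key not in KEYS or key in rule or i + 1 >= len(tokens):
            raise ValueError(f"unknown, duplicate or incomplete argument: {key}")
        rule[key] = tokens[i + 1]
        i += 2
    for key in ("src", "dst"):
        if key in rule:
            # Without /LEN this is a single address; with /LEN a whole subnet.
            rule[key] = ipaddress.ip_network(rule[key], strict=False)
    if "dport" in rule:
        if rule.get("proto") not in ("tcp", "udp"):  # numeric protos not handled
            raise ValueError("dport is only valid with proto tcp or proto udp")
        lo, _, hi = rule["dport"].partition("-")
        lo, hi = int(lo), int(hi or lo)
        if not 1 <= lo <= hi <= 65535:
            raise ValueError("bad port or port range")
        rule["dport"] = (lo, hi)
    # 'out' and/or 'dst' present: routed traffic; neither: traffic to the switch.
    rule["chain"] = "FORWARD" if ("out" in rule or "dst" in rule) else "INPUT"
    return rule

def management_exposure(specs):
    """Return allow rules on the INPUT chain that have no 'src' restriction."""
    rules = [(s, parse_filter_spec(s)) for s in specs]
    return [s for s, r in rules
            if r["action"] == "allow" and r["chain"] == "INPUT" and "src" not in r]
```

Running `management_exposure` over an exported rule list gives a quick review list of rules that admit traffic to the switch's own services without a source restriction.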
© 2015 Westermo Teleindustri AB