Eth ip filter check, Eth ip filter list, Eth ip filter watch – Efficient Networks 107-0001-000 User Manual

Page 160: Parameters

Advertising
background image

Chapter 5: Ethernet Interface Commands

Efficient Networks

®

Router family

Command Line Interface Guide

Page 5-22

Efficient Networks

®

eth ip filter check

eth ip filter check <type> <parameters> [<interface>]

Checks the action that would be taken if a packet with the specified parameters was
compared with the list of filters defined for the specified

<type>

and

<interface>

.

For example, the command:

would check what action (accept, drop, reject, inipsec, outipsec) would be taken for a
TCP packet after it was compared with the list of input filters defined for port 1.

eth ip filter list

eth ip filter list <type> [<interface>]

Lists all filters of the specified

<type>

defined for the specified

<interface>

.

eth ip filter watch

eth ip filter watch <on | off> [-q | -v] [<interface>]

Enables or disables the console watch for the interface. If the watch is on, a message
is printed to the console serial port when a packet is dropped or rejected. (The
message is also sent to any Syslog servers; see “

Syslog Client” on page 7-1.

)

However, if the parameter -q (quiet) was specified for a filter, no message is printed
when that filter matches a packet. If the parameter -v (verbose) was specified for a
filter, a message is printed whenever that filter matches a packet, regardless of the
filter <action>.

To see the messages, Telnet to the router and enter system log start. The watch does
not continue after a reboot; to resume the watch after a reboot, you must enter the

eth

ip filter watch

on command again.

Parameters

The filter <type> specifies at which point the filter is compared to the IP packet (see
the illustration under “

Filters and Interfaces” on page 5-23

of the Technical Reference

Guide.):

-> eth ip filter check input -p TCP 1

input

When the packet enters the interface, before any network address
translation is performed.

receive

When the packet enters the interface, after any network address
translation, but before routing table processing.

transmit

After routing table processing, before any network address transla-
tion before the packet is sent out.

output

After routing and network address translation, just before the packet
is sent out.

Advertising
See also other documents in the category Efficient Networks Hardware: