Remote ipfilter list, Remote ipfilter watch, Parameters – Efficient Networks 107-0001-000 User Manual
Page 219: Command
Efficient Networks
®
Page 6-31
For example, the command
would check what action (accept, drop, reject, inipsec, outipsec) would be taken for a
TCP packet after it was compared with the list of input filters defined for remote entry
branch1.
remote ipfilter list
remote ipfilter list <type> <remotename>
Lists all filters of the specified
<type>
(input, receive, transmit, or output) for this
remote entry.
remote ipfilter watch
remote ipfilter watch <on | off> [-q | -v] <remotename>
Turns on or turns off the console watch for this remote router entry. If the watch is on,
a message is printed to the console serial port when a packet is dropped or rejected.
(The message is also sent to any Syslog servers; see “
Syslog Client” on page 7-1.
)
However, if the parameter -q (quiet) was specified for a filter, no message is printed
when that filter matches a packet. If the parameter -v (verbose) was specified for a
filter, a message is printed whenever that filter matches a packet, regardless of the
filter action.
To see the messages, Telnet to the router and enter
. The watch does not
continue after a
; to resume the watch, you must enter the
<on>
command again.
Parameters
The filter
<type>
specifies at which point the filter is compared to the IP packet (see
the illustration under “
Filters and Interfaces” on page 5-23
):
If the packet matches the filter, the specified action is performed:
-> remote ipfilter check input -p TCP branch1
input
When the packet enters the interface, before any network address
translation is performed.
receive
When the packet enters the interface, after any network address
translation, but before routing table processing.
transmit
After routing table processing, before any network address transla-
tion before the packet is sent out.
output
After routing and network address translation, just before the packet
is sent out.
accept
The packet is allowed to proceed for further processing.
drop
The packet is discarded, without sending an ICMP (Internet Control
Management Protocol) error message.