Filter
Top Products
ASYNC ROUTER AR-P, AR-5, AND SYNC ROUTER REFERENCE MANUAL
220
before—Position the filter expression name before the filter expression existing_name in the FE list.
after—Position the filter expression name after the filter expression existing_name in the FE list.
existing_name—The name of a filter expression currently residing in the FE priority list which you
want to use to orient the placement of a new FE in the list of filter priorities.
filter spoof iface [{allow | deny}] [syslog] [trap]
Enable detection of packets trying to perform “IP address spoofing,” which is a method of getting
data forwarded out of a network, from an external location.
A packet is “IP address spoofing” if it arrives on a Router interface with a source address, that is
inappropriate for that interface. For example, if a packet arrives at an external Router interface
(modem0, etc.) with a source address that is always internal to your network (i.e., it should always be
via eth0), then the packet is “IP address spoofing.”
The filter spoof command enables the Router to ensure that an incoming packet arrives on the
interface that the Router would use to send packets to the source address of that packet. Essentially,
the filter spoof command discards packets that imply that they are sourced from one interface, but
actually arrived on a different interface.
[{allow | deny}]—The deny option causes “IP address spoofing” packets to be discarded, and the
allow option allows these packets to be forwarded. By default, spoof filters are disabled (allow).
[syslog]—The syslog option enables a syslog message to be generated when an “IP address spoofing”
packet is detected.
[trap]—The trap option enables an SNMP trap to be generated when an “IP address spoofing”
packet is detected.
filter status—Displays the list of IP packet filters
filter try src_addr [-s port] dest_addr [-d port] [-p proto]
Use the filter try command to test your filters. The filter try command specifies test packets that are
submitted to your current filter list, and returns the result. For explanations of the parameters, refer
to previous filter command descriptions.
4.5 icmp
Display ICMP protocol information
Syntax
icmp status
Description
The icmp status command displays the status of the Internet Control Message Protocol (ICMP), which
consists of ICMP statistics such as the number of ICMP messages received of each type, the number sent,
etc.