Support User Manuals

Hitachi GR2000 Series Network Router User Manual

Open as PDF

of 500

Hitachi Gigabit Router GR2000 Series Enhanced Version Configuration Commands, Vol. 2

1-118 GR2K-GA-0014

Ver. 07-02

Description: Specifies TCP one-way communication permission (ACK flag).

The

-ack_check_off option excludes the packet from filtering

when its ACK flag is on. The

-ack_check option filters the

packet when its ACK flag is on.

Default: -ack_check_off

Range of value: None

Description: Specifies permission for establishing a virtual circuit (SYN

flag). The

-syn_check_off option excludes the packet from

filtering when its SYN flag is on. The

-syn_check option filters

the packet when its SYN flag is on.

Default: -syn_check_off

Range of value: None

Description: Specifies the ICMP type number in decimal

Default: Undefined

Range of value: 0–255

*

Note: Define the filtering according to the GR2000 Configuration Settings (universal CLI) manual

when the IPv4 packets shown in the table below are filtered under the ACK/SYN flag

conditions of a TCP header.

The filtering of the IPv4 packets shown in the table below that is performed under the ACK/

SYN flag conditions of a TCP header is limited when IPv4 packets are used in a way except as

described above. The IPv4 packets cannot be properly filtered even if "ack" and "syn"

parameters are set to the filter flow information.

Table 1-62 Packet Type in which the Filtering Based on the Flag (ACK and SYN)

Conditions of TCP Header Is Limited in Use

Packet Type Limited Filtering Item

IPv4 packet generated by this router • IPv4 packets do not match the filter list, to which

"-ack_check" or "-syn_check" is set, in conditions. In other

words, both ACK and SYN flags are searched for filtering

as if packet 0 were input.

Packet applied to the conditions below among the

IPv4 packets relayed by this router:

(1) Packet with option (IP header)

The same as described above.

Packet applied to the conditions below among the

IPv4 packets relayed by this router:

(2) Packet requiring fragmentation

(3) Packet requiring redirection

(4) Packet in which ARP has not been solved

• The packets to be discarded are properly discarded when

they conform to the filtering conditions.

• The packets to be relayed do not match the filter list, to

which "-ack_check" or "-syn_check" is set, in conditions

when they conform to the filtering conditions. In other

words, both ACK and SYN flags are searched for filtering

as if packet 0 were input.

previous next