4-78 Sun Fire B1600 Blade System Chassis Switch Administration Guide • June 2003
Syntax
ip filter [rule-number] action protocol {source source-bitmask}
{destination destination-bitmask}[fragments][log]
Port numbers are not checked, so the fragments option is allowed.
ip filter [rule-number] action protocol {source source-bitmask}[source-port-range]
{destination destination-bitmask}[destination-port-range][log]
Port numbers are checked. If either source-port-range or destination-port-range is specified, the fragments option is not allowed: only the first fragment of a datagram carries the TCP/UDP header, so a port match cannot be made on the remaining fragments.
ip filter [rule-number] action tcp {source source-bitmask}[source-port-range]
{destination destination-bitmask}[destination-port-range]
[code {{code code-bitmask}|code-keyword-seq}] [log]
Accepted only with the tcp keyword; when protocol is tcp, the code option is allowed.
no ip filter {all |rule-number}
Deletes the specified rule, or with all every rule, from the filter table.
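The rule forms above, together with the rule-table and code/code-bitmask semantics the guide defines for their parameters, modeled as a small Python simulator. This is an added example, not code from the guide or from the switch firmware. It assumes that the switch's code values use the TCP header's native flag-bit positions (FIN=1, SYN=2, RST=4, PSH=8, ACK=16, URG=32), that the first matching rule decides, and that the fragments keyword matches only non-initial fragments; the addresses, the policy and the packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass, field
from typing import Optional, Tuple, Union

# TCP flag bits as they sit in the header's flags byte (offset 13, the 14th byte).
# ASSUMED: the switch's code/code-bitmask values use these native bit positions.
TCP_FLAGS = {"fin": 1, "syn": 2, "rst": 4, "psh": 8, "ack": 16, "urg": 32}

def flags_to_code(set_flags, clear_flags=()):
    """(code, code-bitmask) matching set_flags set, clear_flags clear, rest ignored."""
    code = sum(TCP_FLAGS[f] for f in set_flags)
    return code, code | sum(TCP_FLAGS[f] for f in clear_flags)

def code_matches(packet_flags, code, mask):
    """Mask bit 1: compare that flag bit against code; mask bit 0: ignore it."""
    return (packet_flags & mask) == (code & mask)

def net(address, bitmask):
    """A 'source source-bitmask' or 'destination destination-bitmask' pair."""
    return ipaddress.ip_network(f"{address}/{bitmask}", strict=False)

def pkt(src, dst, proto, sport=None, dport=None, flags=None, fragment=False):
    """Constructed packet summary; a non-initial fragment has no ports or flags."""
    return dict(src=src, dst=dst, proto=proto, sport=sport, dport=dport, flags=flags, fragment=fragment)

@dataclass
class Rule:
    action: str                    # deny | permit
    protocol: Union[str, int]      # any | tcp | udp | protocol number 0-255
    src: ipaddress.IPv4Network
    dst: ipaddress.IPv4Network
    sport: Optional[Tuple[int, int]] = None   # source-port-range
    dport: Optional[Tuple[int, int]] = None   # destination-port-range
    fragments: bool = False
    code: Optional[Tuple[int, int]] = None    # (code, code-bitmask), tcp only

    def __post_init__(self):
        if self.fragments and (self.sport or self.dport):
            raise ValueError("fragments is not allowed with a port range")
        if self.code is not None and self.protocol != "tcp":
            raise ValueError("code is only allowed with the tcp keyword")

    def matches(self, p):
        """ASSUMED: 'fragments' matches only non-initial fragments, which carry no L4 header."""
        if p["proto"] != {"any": p["proto"], "tcp": 6, "udp": 17}.get(self.protocol, self.protocol):
            return False
        if (ipaddress.ip_address(p["src"]) not in self.src
                or ipaddress.ip_address(p["dst"]) not in self.dst):
            return False
        if self.fragments and not p["fragment"]:
            return False
        if p["fragment"] and (self.sport or self.dport or self.code):
            return False          # no port or flag bytes to test in a later fragment
        for rng, val in ((self.sport, p["sport"]), (self.dport, p["dport"])):
            if rng and (val is None or not rng[0] <= val <= rng[1]):
                return False
        return self.code is None or code_matches(p["flags"], *self.code)

@dataclass
class FilterTable:
    """Ordered table of at most 128 rules. ASSUMED: the first matching rule decides."""
    rules: list = field(default_factory=list)

    def add(self, rule, rule_number=None):
        """Insert at the 1-based rule-number, pushing later rules down; append if None."""
        if len(self.rules) >= 128:
            raise ValueError("filter table is full")
        rule_number = len(self.rules) + 1 if rule_number is None else rule_number
        if not 1 <= rule_number <= len(self.rules) + 1:
            raise ValueError("rule-number exceeds the next available number")
        self.rules.insert(rule_number - 1, rule)

    def decide(self, p):
        return next((r.action for r in self.rules if r.matches(p)), None)

def example_decisions():
    """Constructed policy: management host 192.168.10.5 on NETMGT, blades in
    192.168.10.0/24 on the down-link ports. Comments give the equivalent CLI line."""
    mgmt, blades = net("192.168.10.5", "255.255.255.255"), net("192.168.10.0", "255.255.255.0")
    t = FilterTable()
    # ip filter permit tcp 192.168.10.5 255.255.255.255 192.168.10.0 255.255.255.0 22
    t.add(Rule("permit", "tcp", mgmt, blades, dport=(22, 22)))
    # ip filter permit tcp 192.168.10.0 255.255.255.0 22 192.168.10.5 255.255.255.255 code 16 16
    t.add(Rule("permit", "tcp", blades, mgmt, sport=(22, 22), code=flags_to_code(["ack"])))
    # ip filter deny tcp 192.168.10.0 255.255.255.0 192.168.10.5 255.255.255.255 code 2 18
    t.add(Rule("deny", "tcp", blades, mgmt, code=flags_to_code(["syn"], ["ack"])))
    # ip filter deny any 192.168.10.0 255.255.255.0 192.168.10.5 255.255.255.255 fragments
    t.add(Rule("deny", "any", blades, mgmt, fragments=True))
    # ip filter 1 deny any 192.168.10.99 255.255.255.255 192.168.10.5 255.255.255.255
    t.add(Rule("deny", "any", net("192.168.10.99", "255.255.255.255"), mgmt), rule_number=1)
    traffic = {
        "ssh_from_mgmt": pkt("192.168.10.5", "192.168.10.20", 6, 51000, 22, flags=2),
        "ssh_reply": pkt("192.168.10.20", "192.168.10.5", 6, 22, 51000, flags=24),
        "syn_to_mgmt": pkt("192.168.10.20", "192.168.10.5", 6, 40000, 80, flags=2),
        "tail_fragment": pkt("192.168.10.20", "192.168.10.5", 6, fragment=True),
        "blocked_host": pkt("192.168.10.99", "192.168.10.5", 17, 5000, 161),
    }
    return len(t.rules), {name: t.decide(p) for name, p in traffic.items()}
```

The pair code 2 / code-bitmask 18 is the one worth remembering: the mask selects only the SYN and ACK bits, and the code requires SYN set with ACK clear, so the rule catches new connection attempts from the blades toward the management port while leaving replies to sessions the management host opened alone. The last rule in the table exists because a rule that checks ports can never see a non-initial fragment (which is why the guide forbids combining port ranges with fragments); without an explicit fragments rule, fragmented traffic falls through to whatever the default behaviour is.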
■ rule-number – Inserts a filter rule at the specified position in the table, pushing any existing rules at or below that position down in the table. A rule-number cannot exceed the next available number in the table. If the rule-number is not specified, the new rule is appended to the end of the table. The maximum number of rules is 128.
■ action – {deny | permit}
Blocks or allows packets moving between the down-link ports and the management port (NETMGT).
■ protocol – {any | tcp | udp | number}
Indicates any protocol, TCP, UDP, or a specific protocol number (Range: 0-255).
■ source source-bitmask – The frame’s source address and netmask.
■ source-port-range – [number | start_number-end_number]
TCP/UDP source port or port range. (Range: 0-65535)
■ destination destination-bitmask – The frame’s destination address and netmask.
■ destination-port-range – [number | start_number-end_number]
TCP/UDP destination port or port range. (Range: 0-65535)
■ code
code – A decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header, that is, the flags byte at offset 13. (Range: 0-63)
code-bitmask – A decimal number (representing a bit mask) that is applied to the code. Type a decimal number whose binary digits select the flag bits to test: a “1” means to match that bit of the code and a “0” means to ignore it. The following bits may be specified: