Sunfire B1600 Switch User Manual


 
4-80 Sun Fire B1600 Blade System Chassis Switch Administration Guide June 2003
SYN flag valid, use code 2 2
Both SYN and ACK valid, use code 18 18
SYN valid and ACK invalid, use code 2 18
Example Address filters
This example allows all packets to pass through the filter by permitting any
protocol type, and using a null address and network mask for both the source
address and destination address.
This accepts any incoming packets if the source address is within subnet 10.7.1.x.
For example, if the rule is matched; that is, the rule (10.7.1.1 & 255.255.255.0)
equals the masked address (10.7.1.2 & 255.255.255.0), the packet passes through.
Example Checking for fragments
This example blocks all fragments and logs the matching packets in the log.
Example Checking for code values
This blocks all TCP packets from class C addresses 192.168.1.0 with SYN set.
Console(config)#ip filter permit any 0.0.0.0 0.0.0.0 0.0.0.0
0.0.0.0
Console(config)#
Console(config)#ip filter permit any 10.7.1.1 255.255.255.0
0.0.0.0 0.0.0.0
Console(config)#
Console(config)#ip filter deny any 0.0.0.0 0.0.0.0 0.0.0.0
0.0.0.0 fragment log
Console(config)#
Console(config)#ip filter deny tcp 192.168.1.0 255.255.255.0
0.0.0.0 0.0.0.0 code syn
Console(config)#