Filter
Top Products
Chapter 4 Command-Line Reference 4-81
This also blocks all TCP packets from class C addresses 192.168.1.0 with SYN set.
Example – Checking for port numbers
This example allows TCP packets from class C addresses 192.168.1.0 to anywhere
when set for destination port 80.
This example drops any TCP packets from source 10.7.1.1 to destination 10.8.1.1,
with the source port between 30 - 46 and the destination port between 100 - 2000.
4.3.7.9 show ip filter
Use this command to display all rules in the IP filter table.
Syntax
show ip filter [rule-number | log]
■ rule-number – Display a filter rule at the specified position in the table. Range:
1-128
■ log – Display all packets stored in the log buffer. Note that packets stored in
this buffer must match the rules in the filter table. The maximum number of
entries stored in the log buffer is 64.
If no options are selected, all packets in the log buffer are displayed.
Default Setting
None
Console(config)#ip filter deny tcp 192.168.1.0 255.255.255.0
0.0.0.0 0.0.0.0 code 2 2
Console(config)#
Console(config)#ip filter permit tcp 192.168.1.0 255.255.255.0
0.0.0.0 0.0.0.0 80
Console(config)#
Console(config)#ip filter deny tcp 10.7.1.1 255.255.255.255 30-
46 10.8.1.1 255.255.255.255 100-2000
Console(config)#