![]() In place of the numeric field value, you can specify one of the following keywords (theįield values are also listed): dont- (0x4), more-s (0x2), Match the three-bit IP fragmentation flags field in the IP header. For details, see the forwarding-class match condition. IPv4 (inet), IPv6 (inet6), and MPLS interfaces.ĭo not match the forwarding class of the packet. Match conditions: first-fragment and is-fragment.Ĭlassify the packet in one of the following default forwarding classes, or in To match both first and trailing fragments, you can use two terms that specify different This match condition is an alias for the bit-field match condition fragment-offset 0 match condition. The first fragment of aįragmented packet has a fragment offset value of 0. Match if the packet is a trailing fragment of a fragmented packet. Match if the packet is the first fragment of a fragmented packet. For more information, see the dscp match condition. Points, are defined in RFC 2597, Assured Forwarding PHB.Ĭs0, cs1, cs2, cs3, cs4, cs5, cs6, cs7, cs5ĭo not match on the DSCP number. These four classes, with three drop precedences in each class, for a total of 12 code In place of the numeric value, you can specify one of the following text synonymsĮf (46)-as defined in RFC 3246, An Expedited Forwarding You can specify DSCP in hexadecimal, binary, or decimal form. The type-of-service (ToS) byte in the IP header. Match the Differentiated Services code point (DSCP). You can define a list of IP address prefixes under a prefix-list alias for frequent use. Match destination prefixes in a list unless the except option is included. For details, see the destination-port match condition. IPv4 (inet) interfaces, and IPv6 (inet6) interfaces.ĭo not match the UDP or TCP destination port field. ![]() In place of the numeric value, you can specify one of the following text synonyms (the You cannot specify both the port and destination-port match conditions Specify which protocol is being used on the port. The protocol udp or protocol tcp match statement in the same term to Match the UDP or TCP destination port field. You cannot specify both address and destination-address match Match the destination address field unless the except option is included. IPv4 (inet) interfaces and IPv6 (inet6) interfaces. Match the source or destination address field unless the except option Table 1: Supported Match Conditions (PTX10003 and Modifiers that you can specify in a term. To see a list of all the synonyms forĪ match condition, type ? at the appropriate place in a statement. Match conditions allow you to specify a text synonym. You can specify when configuring a firewall filter. You can do the same on the PTX10008, but the router only supports applying multiple firewall You flexibility in large environments when you have a device configured with many interfaces. You only manage the configuration for a filtering task in a single firewall filter. Single input list or output list ( filter input-list and output-list). On the PTX10003, you can apply multiple firewall filters to a single interface as a If no match conditions are specified for the term, the router accepts the packet by default. In addition, you can specify action modifiers to count, mirror, rate-limit, and classify packets. When a packet matches a filter, the router takes the action specified in the term. You can also include no match statement, in which case the term You can define single or multiple match conditions in match statements. Match conditions are the fields and values that a packet mustĬontain to be considered a match. Each term in a firewall filter consists of match conditions andĪn action.
0 Comments
Leave a Reply. |
AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |