User manual
Chapter 4 - Layer 3 Command Set - IP Networking Ipfw Command (IP Firewall)
Alvarion BreezeNET B130/B300 GigE 174 Operational User Manual
ipfw addout [num] . . .
These two commands are used to add a filter to the incoming and outgoing filter
sets, respectively. The add* keyword is followed by a filter definition.
The optional num parameter may be used to explicitly specify the number of the
new filter in the list.
ipfw del num
Removes a rule from the appropriate list. The rule to be removed is specified by its
number num, which can be seen using the ipfw list command.
ipfw mov num1 num2
Changes the rule's number in the list: from num1 to num2.
ipfw rearrange [N]
Renumbers all the filter rules with the given increment (default is 5).
ipfw [-]quiet
The ipfw quiet command disables registration of rejected packets. Registration is
enabled by default and is re-enabled by the ipfw -quiet command.
4.9.2 Packet Filtering Rules
This section describes in detail how packets are treated by packet filters.
Every packet entering a device passes through a set of input filters (or blocking
filters). Packets accepted by the input filter set are further processed by the IP
layer of the device kernel. If the IP layer determines that the packet should be
forwarded rather than delivered to the device itself, it hands the packet to the
set of outgoing filters (or forwarding filters).
Information on packets rejected by any filter is displayed on the operator's
terminal, and the packets themselves are discarded without any notice to their
sender.
A packet advancing through a set of filters is checked against each filter in the
set in order, from the first one to the end of the set or until the first matching
filter is found. The algorithm is as follows:
1 If the filter set is empty, the packet is accepted.
2 Otherwise, the first matching filter decides the packet's fate. If it is an accept
filter, the packet is accepted. If it's a reject filter, the packet is rejected
(discarded).
3 If no filter has been found that matches the packet, it is accepted.
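The following Python model of the algorithm above is an added example, not part of the original manual or the device software. It shows that a set containing only accept filters still accepts everything else, and that an early accept filter shadows a later reject filter. The names Filter, run_set and forward, the matching on source and destination prefixes only, and all addresses are assumptions made for illustration; the device's own filter syntax is not modelled.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

ANY = "0.0.0.0/0"  # prefix that matches every IPv4 address


@dataclass(frozen=True)
class Filter:
    """Hypothetical model of one filter: an action plus src/dst prefixes."""
    accept: bool   # True = accept filter, False = reject filter
    src: str       # source prefix matched by this filter
    dst: str       # destination prefix matched by this filter

    def matches(self, src, dst):
        return (ip_address(src) in ip_network(self.src)
                and ip_address(dst) in ip_network(self.dst))


def run_set(filters, src, dst):
    """Steps 1-3: the first matching filter decides the packet's fate;
    an empty set, or a set with no matching filter, accepts the packet."""
    for f in filters:
        if f.matches(src, dst):
            return f.accept
    return True


def forward(in_set, out_set, src, dst):
    """A forwarded packet must pass the input set, then the outgoing set."""
    return run_set(in_set, src, dst) and run_set(out_set, src, dst)


# Constructed filter sets (addresses are documentation/private ranges).
allow_only = [Filter(True, "10.0.0.0/8", ANY)]           # no reject filter at all
default_deny = allow_only + [Filter(False, ANY, ANY)]    # explicit final reject
shadowed = [Filter(True, ANY, ANY),                      # matches first ...
            Filter(False, "192.0.2.0/24", ANY)]          # ... so never reached

if __name__ == "__main__":
    outside, inside, dst = "198.51.100.7", "10.2.3.4", "10.1.1.1"
    print("empty set        :", run_set([], outside, dst))
    print("allow_only       :", run_set(allow_only, outside, dst))
    print("default_deny out :", run_set(default_deny, outside, dst))
    print("default_deny in  :", run_set(default_deny, inside, dst))
    print("shadowed reject  :", run_set(shadowed, "192.0.2.9", dst))
    print("forwarded        :", forward([], default_deny, outside, dst))
```

Because step 3 accepts unmatched packets, a filter set only behaves as default-deny when it ends with a reject filter that matches all remaining traffic.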