User manual

Chapter 4 - Layer 3 Command Set - IP Networking Ipfw Command (IP Firewall)
Alvarion BreezeNET B130/B300 GigE 177 Operational User Manual
The disp field (short for disposition) sets the action taken when the filter
rule matches a packet. Possible values are accept and reject. With accept, the
packet goes through the filter; with reject, the packet is filtered. The action
value can be followed by the optional parameter log (accept log or reject log),
which updates the system log each time the filter rule is applied.
The "ipfw" module has been extended with the "rpfilter" (reverse path filter)
filter. This filter ensures that the sender of the packet is accessible via the
interface through which the packet was received by the system. If the filter
fails, packet processing continues; if it does not fail, the packet is
destroyed. This filter can be inserted first in the list of rules:
ipfw add rpfilter all from 0/0 to 0/0
Another possible value for the disp field is "pass". With this value, a packet
passes the rule, the related actions of the rule are executed, and the packet
continues with the other rules in the list.
Example:
ipfw add pass log tcp from 0/0 to 0/0
When a packet matches this rule, it continues on through the other rules in the
list, and information about the packet is logged.
The parameters [vlan=N] [dot1p=N] [swg=N] [ether=X] [dscp=N|tos=N] are
classifiers that allow matching on VLAN ID, 802.1p priority, switch group
number (SWitchGroup), packet type (EtherType), and the ip_tos field, read as
either a DSCP label value or an IP precedence.
The proto field sets the particular IP protocol that the filter applies to.
Possible values: tcp, udp, icmp, arp, all, or a numeric protocol value (listed
on the IANA web site:
http://www.iana.org/assignments/protocol-numbers/protocol-numbers.xml).
The optional modifiers field can be used to set additional packet parameters,
which are described later in this document.
The mandatory keyword from separates the proto and modifiers fields from the
destination address (endpoint). The keyword to separates the source address
from the destination address.
An endpoint defines either a source address or a destination address. The exact
syntax of the endpoint fields depends on the proto field value. If proto is
either all or icmp, then the endpoint contains the address information. If
proto is udp or tcp, then the endpoint contains the address information and an
optional ports list.
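
The following Python model is an added example, not part of the manual or the device software. It walks a constructed rule list to show how the disp values accept, reject and pass, together with log, interact with rule order. It assumes that accept and reject end evaluation at the first matching rule (the manual states only that pass continues); the rule tuples, function names and addresses are constructed for illustration.

```python
import ipaddress

# Constructed rule list (not from the manual). Fields: disp, log, proto, src, dst.
# "0.0.0.0/0" stands for the manual's 0/0 (any address).
RULES = [
    ("pass",   True,  "tcp", "0.0.0.0/0",       "0.0.0.0/0"),
    ("reject", True,  "tcp", "0.0.0.0/0",       "192.0.2.0/24"),
    ("accept", False, "all", "198.51.100.0/24", "0.0.0.0/0"),
    ("pass",   True,  "udp", "0.0.0.0/0",       "0.0.0.0/0"),
]

def matches(rule, pkt):
    """True when the packet's protocol and both addresses fit the rule."""
    _, _, proto, src, dst = rule
    return (proto in ("all", pkt["proto"])
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(src)
            and ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(dst))

def evaluate(rules, pkt):
    """Return (verdict, log); log lists the (rule number, disp) entries written."""
    log = []
    for number, rule in enumerate(rules, start=1):
        if not matches(rule, pkt):
            continue
        disp, wants_log = rule[0], rule[1]
        if wants_log:
            log.append((number, disp))
        if disp == "pass":
            continue            # actions done, keep walking the list
        return disp, log        # assumption: accept/reject end evaluation
    return "no-match", log      # the manual does not state a default verdict

def unreached_log_rules(rules, pkt):
    """Rule numbers whose log would fire for pkt but are never reached."""
    reached = {number for number, _ in evaluate(rules, pkt)[1]}
    return [n for n, r in enumerate(rules, start=1)
            if r[1] and matches(r, pkt) and n not in reached]

if __name__ == "__main__":
    samples = [  # constructed packets using documentation address ranges
        {"proto": "tcp", "src": "203.0.113.5", "dst": "192.0.2.10"},
        {"proto": "udp", "src": "198.51.100.7", "dst": "203.0.113.9"},
    ]
    for pkt in samples:
        print(pkt, evaluate(RULES, pkt), unreached_log_rules(RULES, pkt))
```

Under the stated assumption, a log rule placed after a matching accept or reject never records the packet, so audit rules using pass log belong ahead of the rules that decide the verdict.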