- Siemens Network Router User Manual
Chapter 6: Remote Commands Efficient Networks
® 
Router family
Command Line Interface Guide
Page 6-32 Efficient Networks
®
The following parameters specify the characteristics that an IP packet must have in 
order to match the filter. A filter can require any or all of these characteristics.
reject
The packet is discarded and an ICMP error message is returned to 
the sender.
inipsec
The packet is passed to IPSec for decrypting. The filter is intended 
to match packets coming from the other IPSec gateway. Although fil-
ters are the mechanism by which packets are passed to IPSec, it is 
recommended that you use IKE to manage your IP Security (
see “IP-
Sec (Internet Protocol Security)” on page 5-50.
)
outipsec
The packet is passed to IPSec so it can be encrypted and sent to the 
other IPSec gateway. The filter is intended to match packets coming 
from the local protected network. Although filters are the mechanism 
by which packets are passed to IPSec, it is recommended that you 
use IKE to manage your IP Security (see IPSec 
“IPSec (Internet Pro-
tocol Security)” on page 5-50
).
-p <protocol> | TCP | UDP | ICMP
The packet must have the specified protocol. If no protocol is specified, the filter 
matches every protocol.
-sa <first source ip addr>[:<last source ip addr>]
The packet must have a source IP address within the specified address range. If 
only one address is specified, the packet must have that source IP address. If no 
source IP address is specified, the filter matches any address in the range 
0.0.0.0:255.255.255.255.
-sm <source ip mask>
The filter uses the specified mask when comparing the <first source ip addr>...<last 
source ip addr> with the source IP address in the IP packet. If no source mask is 
specified, the mask used is 255.255.255.255.
-sp <ICMP type> | <first source port>[:<last source port>]
The packet must have a source port that matches the specified ICMP type or that 
is within the specified port range. If only one port is specified, the packet must have 
that source port. If no source port is specified, the filter matches any source port in 
the range 0:0xffff.
-da <first dest ip addr>[:<last dest ip addr>]
The packet must have a destination IP address within the specified address range. 
If only one address is specified, the packet must have that destination IP address. 
If no destination IP address is specified, the filter matches any address in the range 
0.0.0.0:255.255.255.255. 
-dm <dest ip mask>
The filter uses the specified mask when comparing the <first dest ip addr>...<last 
dest ip addr> with the destination IP address in the IP packet. If no destination 
mask is specified, the mask used is 255.255.255.255.
-dp <ICMP type> | <first dest port>[:<last dest port>]
The packet must have a destination port that matches the specified ICMP type or 
that is within the specified port range. If only one port is specified, the packet must 
have that destination port. If no destination port is specified, the filter matches any 
destination port in the range 0:0xffff.










