Command Reference Guide

3Com Router 3000 Ethernet Family
Chapter 4 Firewall Configuration Commands
3Com Corporation
default: Default number of fragment status records. The default high threshold of the
fragment status records is 2000 and the default low threshold of the fragment status
records is 1500.
Description
Use the firewall fragments-inspect { high | low } command to configure the high and
low thresholds of records for fragment inspection.
Use the undo firewall fragments-inspect { high | low } command to restore the
default high and low thresholds.
If the fragment inspection switch is enabled and exact match filtering is applied, the
efficiency of packet filtering is slightly reduced, and it decreases further as the
number of matching entries increases. The high and low thresholds should therefore be
set. When the number of fragment status records reaches the high threshold, the
status entries that were saved first are deleted until the number of records is below
the low threshold.
The low threshold must be no greater than the high threshold.
Related command: display firewall-statistics fragments-inspect and firewall
packet-filter.
Example
# Set the high threshold for fragment packet inspection to 3000 and set the low
threshold to the default value.
[3Com] firewall fragments-inspect high 3000
[3Com] firewall fragments-inspect low default
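The threshold behaviour in the Description, modelled in Python as an added example (not code from 3Com or from this guide) so the effect of a chosen high/low pair can be checked before it is configured. Only the values 2000, 1500 and 3000 come from the guide; the `FragmentStatusTable` class, the `simulate` helper, the record key and the choice to count a record before checking the threshold are assumptions.

```python
from collections import OrderedDict

DEFAULT_HIGH, DEFAULT_LOW = 2000, 1500  # defaults stated in the reference


class FragmentStatusTable:
    """Illustrative model of the fragment status records (not 3Com's code)."""

    def __init__(self, high=DEFAULT_HIGH, low=DEFAULT_LOW):
        # The reference requires low to be no greater than high.
        if low > high:
            raise ValueError("low threshold must be no greater than high threshold")
        self.high, self.low = high, low
        self.records = OrderedDict()  # insertion order: oldest record first
        self.evicted = 0

    def save(self, key, status):
        """Save one status record; return the keys deleted by the threshold rule."""
        self.records[key] = status
        deleted = []
        if len(self.records) >= self.high:
            # High threshold reached: delete the records saved first
            # until the count is below the low threshold.
            while self.records and len(self.records) >= self.low:
                deleted.append(self.records.popitem(last=False)[0])
        self.evicted += len(deleted)
        return deleted


def simulate(high, low, flows):
    """Save `flows` distinct records; return (records kept, evicted, oldest kept id)."""
    table = FragmentStatusTable(high, low)
    for ip_id in range(flows):
        # Constructed sample: keying a record on (src, dst, protocol, IP ID)
        # is an assumption; the reference does not describe the record layout.
        table.save(("192.0.2.1", "198.51.100.7", 17, ip_id), "first fragment seen")
    oldest = next(iter(table.records), (None,) * 4)[3]
    return len(table.records), table.evicted, oldest


if __name__ == "__main__":
    # Thresholds from the Example above: high 3000, low default (1500).
    print(simulate(3000, DEFAULT_LOW, 3000))
    # Default thresholds (2000 / 1500).
    print(simulate(DEFAULT_HIGH, DEFAULT_LOW, 2500))
```

In this model a single crossing of the high threshold deletes 1501 records with the Example's values and 501 with the defaults, so the gap between the two thresholds sets how much saved status is discarded per cleanup.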
4.1.7 firewall packet-filter
Syntax
firewall packet-filter acl-number { inbound | outbound } [ match-fragments
{ normally | exactly } ]
undo firewall packet-filter acl-number { inbound | outbound }
View
Interface view
Parameter
acl-number: Serial number of the access control list rule.
inbound: Filters packets received on the interface.
outbound: Filters packets forwarded from the interface.