HP Comware 5 Debug Manual Vol 2
| Field | Description |
|---|---|
| OutBound | Filters packets to be sent. |
| List listNumber: RuleNumber | ACL listNumber and matching rule RuleNumber used in packet filtering. |
| deny | The action for the matching packets is deny. |
| permit | The action for the matching packets is permit. |
| icmp | The protocol is ICMP. |
| interface | Interface that filters packets. |
Table 4 describes output fields and messages for the debugging firewall icmp command.
Table 37 Output from the debugging firewall icmp command (only supported by multi-core device)
| Field | Description |
|---|---|
| Thread | Virtual CPU number. |
| icmp | The protocol is ICMP. |
| Inbound | Filters received packets. |
| Outbound | Filters packets to be sent. |
| interface | Interface that filters packets. |
Examples
• For single-core device:
# Enable debugging for UDP packets on the device with firewall enabled.
<Sysname> debugging firewall udp
*Mar 18 14:28:41:739 2006 Sysname FILTER/7/FLTDBG:Ethernet1/1 InBound List 3000 deny udp
(10.153.66.132 2000)->(10.153.66.252 2001) 30 bytes from interface Ethernet2/0
// Firewall used ACL 3000 to filter the incoming 30-byte long UDP packet on Ethernet 1/1.
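The FLTDBG message above can be turned into structured records for review of denied traffic. The following Python sketch is an added example, not part of the HP manual or of Comware: it parses the port-bearing form shown in the UDP sample and counts denied flows. The names `parse_fltdbg` and `denied_flows`, the constructed sample lines, and the exact spacing of the optional rule number after the ACL number are assumptions.

```python
import re
from collections import Counter

# Port-bearing FLTDBG form as shown in the UDP sample; the optional ": rule"
# suffix follows the "List listNumber: RuleNumber" field (spacing assumed).
FLTDBG = re.compile(
    r"^\*?(?P<ts>\w{3} \d+ \d\d:\d\d:\d\d:\d{3} \d{4}) (?P<host>\S+) "
    r"FILTER/7/FLTDBG:\s*(?P<filter_if>\S+) (?P<direction>InBound|OutBound) "
    r"List (?P<acl>\d+)(?::\s*(?P<rule>\d+))? (?P<action>deny|permit) "
    r"(?P<proto>\S+) \((?P<src>\S+) (?P<sport>\d+)\)->\((?P<dst>\S+) (?P<dport>\d+)\) "
    r"(?P<length>\d+) bytes from interface (?P<from_if>\S+)$",
    re.IGNORECASE,
)

def parse_fltdbg(raw):
    """Return a dict of fields for one FLTDBG message, or None if it is not one."""
    line = " ".join(raw.split())  # rejoin a wrapped message, collapse whitespace
    m = FLTDBG.match(line)
    if m is None:
        return None
    rec = m.groupdict()
    for key in ("acl", "sport", "dport", "length"):
        rec[key] = int(rec[key])
    rec["rule"] = int(rec["rule"]) if rec["rule"] is not None else None
    rec["action"] = rec["action"].lower()
    return rec

def denied_flows(messages):
    """Count denied packets per (ACL, protocol, source, destination, dest port)."""
    counts = Counter()
    for raw in messages:
        rec = parse_fltdbg(raw)
        if rec and rec["action"] == "deny":
            counts[(rec["acl"], rec["proto"], rec["src"], rec["dst"], rec["dport"])] += 1
    return counts

SAMPLE = [
    # The message from the example above, still wrapped over two lines.
    "*Mar 18 14:28:41:739 2006 Sysname FILTER/7/FLTDBG:Ethernet1/1 InBound List 3000 deny udp\n"
    "(10.153.66.132 2000)->(10.153.66.252 2001) 30 bytes from interface Ethernet2/0",
    # Constructed: same flow again, with a rule number after the ACL number.
    "*Mar 18 14:28:42:101 2006 Sysname FILTER/7/FLTDBG:Ethernet1/1 InBound List 3000: 0 deny udp "
    "(10.153.66.132 2000)->(10.153.66.252 2001) 30 bytes from interface Ethernet2/0",
    # Constructed: a permitted packet, and an unrelated message that must be skipped.
    "*Mar 18 14:28:42:230 2006 Sysname FILTER/7/FLTDBG:Ethernet1/1 OutBound List 3000 permit udp "
    "(10.153.66.252 2001)->(10.153.66.132 2000) 30 bytes from interface Ethernet2/0",
    "*Mar 18 14:28:41:741 2006 Sysname EFF/7/DEBUGGING:",
]

if __name__ == "__main__":
    for flow, hits in denied_flows(SAMPLE).most_common():
        print(hits, flow)
```

Messages in any other form, including protocols logged without ports, return None and are left out of the count.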
# Enable debugging for Ethernet frame filtering on the device with firewall enabled.
<Sysname> debugging firewall eff
*Mar 18 14:28:41:741 2006 Sysname EFF/7/DEBUGGING:
InBound List 4000, deny the frame with the following head :
dest-mac is 0180-c200-0000,sour-mac is 00e0-fc09-bcf9, type is 4242, cos is 00
// Firewall used ACL 4000 to filter an incoming Ethernet frame.
# Enable debugging for fragment inspection on the device with firewall enabled.
<Sysname> debugging firewall fragments-inspect
*Mar 18 14:28:43:744 2010 Sysname FILTER/7/FRAG_PKT: Initial fragment 20.0.0.2 - 20.0.0.3
frag-ID 57687 protocol tcp 44 bytes from interface GigabitEthernet0/1
// Firewall received an initial fragment on GigabitEthernet 0/1.
*Mar 18 14:28:43:744 2006 Sysname FILTER/7/FRAG_CREATE: Create fragments inspection entry
0x9465044 bucket 343 protocol TCP address 20.0.0.2:1055 - 20.0.0.2:1720 frag-ID 57687
// Firewall created a fragment inspection entry 0x9465044.
*Mar 18 14:28:43:744 2006 Sysname FILTER/7/FRAG_MATCH: Fragment matched at entry 0x9465044
frag-ID 3780575248