3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
302 CHAPTER 18: FIREWALL CONFIGURATION COMMANDS
firewall packet-filter
enable
Syntax
firewall packet-filter enable
undo firewall packet-filter enable
View
System view
Parameter
None
Description
Use the firewall packet-filter enable command to enable the firewall packet
filtering.
Use the undo firewall packet-filter enable command to disable the firewall
packet filtering.
By default, the firewall is disabled.
Example
# Enables the firewall
[SecBlade_FW] firewall packet-filter enable
firewall packet-filter
fragments-inspect
Syntax
firewall packet-filter fragments-inspect
undo firewall packet-filter fragments-inspect
View
System view
Parameter
None
Description
Use the firewall packet-filter fragments-inspect command to enable fragment
inspection switch.
Use the undo firewall packet-filter fragments-inspect command to disable
fragment inspection switch.
By default, fragment inspection switch is disabled.
This command is the premise of realizing exact match. Only after fragment
inspection switch is enabled, can fragment exact match be implemented. Packet
filtering firewall will record the status of a fragment, and perform the exact
matching to advanced ACL rules according to the information beyond the layer 3
(IP layer).