Use this syntax when you create firewall rules for your Network IPS appliance.
Syntax rule | Description | Examples |
---|---|---|
Adapter clause | Indicates a specific adapter where the rule is applied. Note: Supported adapter clauses are "any" or the letters A through H. If you do not specify an adapter clause, the rule matches packets on any adapter. | |
Ethernet clause | Filters 802.1q VLAN traffic or allows or denies specific types of Ethernet protocols. | |
IP clause | Indicates the version of IP protocol and the conditions in the header that must be satisfied for the statement to match the rule. | |
IP datagram clause | Indicates the protocol and the protocol-specific conditions that must be satisfied for the statement to match. Note: The supported protocols are ICMP, ICMPv6, TCP, and UDP. You can also specify a set of IP protocol numbers. | |
Source and target address conditions | Indicates the set of allowable IPv4 or IPv6 addresses for the source or target for the establishment of a TCP-based connection, UDP packet, ICMP packet, or ICMPv6 packet. | |
TCP/UDP source and target port conditions | Indicate the set of TCP or UDP ports for the source or target of the establishment of a (TCP) connection or a (UDP) packet. | |
ICMP type and code conditions | Indicate the set of ICMP and ICMPv6 types or codes for either side of the packet. | |
Using ranges | Indicates a range of values for IP addresses, port numbers, ICMP message types and codes, and protocol numbers using a dash (-) between the first and last values in the range. | |
Using "any" | Specifies "any" in all expressions. | |