setipfilter

Configures a filter within a given IP filter set. The SecureRamp has three filter sets: default, custom1, and custom2. Each filter set can have up to 16 incoming and 16 outgoing filters. The default set of filters is configured for you. Use setipfilter to create and modify filters for the custom filter sets or to modify the default filter set.

Syntax

 setipfilter -f filter_set_ID -d direction -n filter_ID 

-e enable_flag -w permit_flag -p protocol -t startconn_flag 

-a source_address -c source_bitmask -A destination_address 

-C destination_bitmask -m source_port_compare -s source_port 

-M destination_port_compare -S destination_port

Options

-f	Filter set ID. 1 = custom1, 2 = custom2.
-d	Direction. 0 = incoming, 1 = outgoing.
-n	Filter number (1..16).
-e	Enable flag. 0 = disable, 1 = enable.
-w	Permit flag. 0 = deny, 1 = permit.
-p	Protocol. 0 = IP, 1 = ICMP, 3 = GGP, 4 = TCP, 5 = UDP, 6 = ignore.
-t	Start of connection flag. 0 = ignore, 1 = no, 2 = yes.
-a	Source IP address.
-c	Bit mask of source IP address to use for comparison.
-A	Destination IP address.
-C	Bit mask of destination IP address to use for comparison.
-m	Source port compare. 0 = ignore, 1 = equal, 2 = not equal, 3 = greater than, 4 = less than.
-s	Source port number (1..65535).
-M	Destination port compare. 0 = ignore, 1 = equal, 2 = not equal, 3 = greater than, 4 = less than.
-S	Destination port number (1..65535).

Notes

• The first 3 parameters must be -f, -d, and -n in that order.
• The other parameters are optional.

Examples

 setipfilter -f 1 -d 1 -n 4 -e 1 -w 0 -p 1

This command will configure the fourth outgoing filter of the custom1 IP filter set to deny all ICMP access. This filter is also enabled.

 setipfilter -f 1 -d 1 -n 4 -e 0

This command will configure the fourth outgoing filter of the custom1 IP filter set to be disabled.

Also Supported on

• WebRamp 600 series

See Also

• clearipfilter
• showipfilter