90030500B Configuring WAN Connections Page 123
A filter that will bring up a connection when it detects any IP packet except
DNS
The following filter brings up a connection for any packet but
dns
. The first stanza is
preceded by a “
!
”, so the filter brings up the connection when it detects IP packets
that are
not
domain packets. The second stanza is also preceded by a “
!
”, so TCP
packets that
are
not domain packets are passed. All other packets (including DNS
packets) are dropped.
s1=! 53/udp
s2=! 53/tcp
Note:
If the exclamation marks were omitted from this filter, it would pass only
DNS packets and drop all others.
Tracing messages
A
logpacket
filter can specify packets that will be logged when the
set
trace
options are set appropriately (see
set trace
in
the
Command Reference Guide
and
Chapter 17, Troubleshooting
for more information).
For example, if want to log all traffic to your WWW server and the server has an IP
address of 199.86.8.33, configure a filter similar to that shown below as
filter 2
:
s1= /recv/199.86.8.33 //Match if IP destination address is
199.86.8.33
You can then enter a command similar to the following:
set user name=webconnection LogPacket=filter2
This will log all packets on the WAN whose user is called
webconnection
that are
addressed to the WWW server.
A
PassPacket
filter can specify packets that will be passed over the WAN connection.
If you omit a
PassPacket
filter, all packets will be passed, including trace messages.
To Next Page
Loading...
Need help?
General