Vigor2860 Series User’s Guide
Type “0” to disable the log flag.
Type “1” to display the log of passed packets.
Type “2” to display the log of blocked packets.
Type “3” to display the log of non-matching packets.
-p [VALUE]
It means to set the action for packets not matching any
rule, e.g.,
-p 1
Type “0” to let all the packets pass;
Type “1” to block all the packets.
-M [P2P_NO]
It means to configure IM/P2P for the packets not
matching any rule, e.g.,
-M 1
Type “0” to let all the packets pass;
Type “1” to block all the packets.
-U [URL_NO]
It means to configure URL content filter for the packets
not matching any rule, e.g.,
-U 1
Type “0” to let all the packets pass;
Type “1” to block all the packets.
-a [AD_SET]
It means to configure the advanced settings.
-f [VALUE]
It means to accept large incoming fragmented UDP or
ICMP packets.
-E [VALUE]
It means to set the maximum count for session
limitation.
-F [VALUE]
It means to configure the load-balance policy.
-Q [VALUE]
It means to set the QoS class.
Example
> ipf set -c 1
#set call filter start from set 1
Setting saved.
> ipf set -d 2
#set data filter start from set 2
Setting saved.
> ipf set -v
Call Filter: Enable (Start Filter Set = 1)
Data Filter: Enable (Start Filter Set = 2)
Log Flag : None
Actions for packet not matching any rule:
Pass or Block : Pass
CodePage : ANSI(1252)-Latin I
Max Sessions Limit: 60000
Current Sessions : 0
Mac Bind IP : Non-Strict
QOS Class : None
APP Enforcement : None
URL Content Filter: None
Load-Balance policy : Auto-select
--------------------------------------------------------------
CodePage : ANSI(1252)-Latin I
Window size : 65535
Session timeout : 1440
DrayTek Banner : Enable
---------------------------------------------------------------
Apply IP filter to VPN incoming packets : Enable
Accept large incoming fragmented UDP or ICMP packets: Enable
----------------------------------------------------------------
Strict Security Checking
[ ]APP Enforcement
>
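A review of the `ipf set -v` output shown above can be scripted. The following is an added example, not part of the User's Guide: it parses the "key : value" lines and reports settings that a firewall review would normally question. The three review criteria and the function names are assumptions of this example, and the sample text is constructed from the output above.

```python
# Constructed sample: a subset of the `ipf set -v` output shown above.
SAMPLE = """\
Call Filter: Enable (Start Filter Set = 1)
Data Filter: Enable (Start Filter Set = 2)
Log Flag : None
Actions for packet not matching any rule:
Pass or Block : Pass
Max Sessions Limit: 60000
Apply IP filter to VPN incoming packets : Enable
Accept large incoming fragmented UDP or ICMP packets: Enable
"""

def parse_ipf_set(text):
    """Return {key: value} for every 'key : value' line that carries a value."""
    settings, prev = {}, ""
    for line in text.splitlines():
        line = line.strip()
        if line.startswith(":"):        # value wrapped onto its own line
            line = prev + " " + line
        key, sep, value = line.partition(":")
        if sep and value.strip():
            settings[key.strip()] = value.strip()
        prev = line
    return settings

def audit(settings):
    """Apply the review criteria (assumptions of this example) to parsed settings."""
    findings = []
    if not settings.get("Data Filter", "").startswith("Enable"):
        findings.append("data filter is not enabled")
    if settings.get("Pass or Block") != "Block":
        findings.append("packets matching no rule are passed (default-allow)")
    if settings.get("Log Flag", "None") == "None":
        findings.append("log flag is None: no packet decisions are logged")
    if settings.get("Apply IP filter to VPN incoming packets") != "Enable":
        findings.append("IP filter is not applied to VPN incoming packets")
    return findings

if __name__ == "__main__":
    for finding in audit(parse_ipf_set(SAMPLE)):
        print("REVIEW:", finding)
```

The default-allow finding corresponds to `-p 0` and the logging finding to log flag `0` in the `ipf set` options described earlier.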
Telnet Command: ipf rule
This command is used to set filter rules for the firewall.
ipf rule s r [-<command> <parameter> | ...]
ipf rule s r -v
Syntax Description
Parameter
Description
s
It means the Filter Set, range from 1~12.
r
It means the Filter Rule, range from 1~7.
<command> <parameter>
The following lists all of the available commands with
parameters.
-e
It means to enable or disable the rule setting.
0- disable
1- enable
-s o:g <obj>
It means to specify source IP object and IP group.
o - indicates “object”.
g - indicates “group”.
obj - indicates index number of object or index number
of group. Available settings range from 1-192. For
example, “-s g 3” means the third source IP group
profile.
-s u <Address Type> <Start IP Address> <End IP Address> | <Address Mask>
It means to configure source IP address including
address type, start IP address, end IP address and
address mask.
u – It means “user defined”.
Address Type - Type the number (representing different
address type).
0 - Subnet Address
1 - Single Address
2 - Any Address
3 - Range Address
Example:
Set Subnet Address => -s u 0 192.168.1.10 255.255.255.0
Set Single Address => -s u 1 192.168.1.10
Set Any Address => -s u 2
Set Range Address => -s u 3 192.168.1.10 192.168.1.15
-d u <Address Type> <Start IP Address> <End IP Address> | <Address Mask>
It means to configure destination IP address including
address type, start IP address, end IP address and
address mask.
u – It means “user defined”.
Address Type - Type the number (representing different
address type).
0 - Subnet Address
1 - Single Address
2 - Any Address
3 - Range Address
Example:
Set Subnet Address => -d u 0 192.168.1.10 255.255.255.0
Set Single Address => -d u 1 192.168.1.10
Set Any Address => -d u 2
Set Range Address => -d u 3 192.168.1.10 192.168.1.15
-d o:g <obj>
It means to specify destination IP object and IP group.
o – indicates “object”.
g – indicates “group”
<obj>– indicates index number of object or index
number of group. Available settings range from 1-192.
For example, “-d g 1” means the first destination IP
group profile.
-S o:g <obj>
It means to specify Service Type object and IP group.
o – indicates “object”.
g – indicates “group”
<obj> – indicates index number of object or index
number of group. Available settings range from 1-96.
For example, “-S o 1” means the first service type object
profile.
-S u <protocol> <source_port_value> <destination_port_value>
It means to configure advanced settings for Service
Type, such as protocol and port range.
u – it means “user defined”.
<protocol> – It means TCP(6), UDP(17), TCP/UDP(255).
<source_port_value> –
1 – Port OP, range is 0-3. 0:==, 1:!=, 2:>, 3:<
3 – Port range of the Start Port Number, range is
1-65535.
5 – Port range of the End Port Number, range is
1-65535.
<destination_port_value>:
2 – Port OP, range is 0-3. 0:==, 1:!=, 2:>, 3:<
4 – Port range of the Start Port Number, range is
1-65535.
6 – Port range of the End Port Number, range is
1-65535.
-F
It means the Filter action you can specify.
0 – Pass Immediately,
1 – Block Immediately,
2 – Pass if no further match,
3 – Block if no further match.
-q
It means the classification for QoS.
1 – Class 1,
2 – Class 2,
3 – Class 3,
4 – Other
-l
It means load balance policy.
Such function is used for “debug” only.
-E
It means to enable APP Enforcement.
-a<index>
It means to specify which APP Enforcement profile will
be applied.
<index> – Available settings range from 0 ~ 32. “0”
means no profile will be applied.
-u<index>
It means to specify which URL Content Filter profile will
be applied.
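Because a mistyped index or address in `ipf rule` changes what the firewall passes, a command line can be checked against the ranges documented above before it is typed into the Telnet session. The following is an added example, not part of the User's Guide; the function names are hypothetical, only `-e`, `-s`, `-d` and `-F` are checked, and all other options pass through unchecked.

```python
import ipaddress
import shlex
ADDR_ARGS = {0: 2, 1: 1, 2: 0, 3: 2}  # address type -> number of address arguments

def _check_addr(flag, args):
    """Validate -s / -d arguments against the forms documented above."""
    if len(args) == 2 and args[0] in ("o", "g"):
        ok = args[1].isdecimal() and 1 <= int(args[1]) <= 192
        return [] if ok else [f"{flag}: object/group index must be 1-192"]
    if len(args) < 2 or args[0] != "u" or args[1] not in ("0", "1", "2", "3"):
        return [f"{flag}: expected 'o|g <obj>' or 'u <type 0-3> ...'"]
    kind, ips = int(args[1]), args[2:]
    if len(ips) != ADDR_ARGS[kind]:
        return [f"{flag}: address type {kind} takes {ADDR_ARGS[kind]} address argument(s)"]
    try:
        parsed = [ipaddress.IPv4Address(a) for a in ips]
        if kind == 0:  # subnet: second argument must be a valid mask
            ipaddress.IPv4Network(f"0.0.0.0/{ips[1]}")
    except ValueError as exc:
        return [f"{flag}: {exc}"]
    if kind == 3 and parsed[0] > parsed[1]:
        return [f"{flag}: range start is above range end"]
    return []

def lint_ipf_rule(cmd):
    """Return a list of problems found in one 'ipf rule' command line."""
    tok = shlex.split(cmd)
    if tok[:2] != ["ipf", "rule"] or len(tok) < 4:
        return ["expected: ipf rule <set> <rule> [-<command> <parameter> ...]"]
    errs = []
    for name, val, hi in (("filter set", tok[2], 12), ("filter rule", tok[3], 7)):
        if not (val.isdecimal() and 1 <= int(val) <= hi):
            errs.append(f"{name} must be 1-{hi}")
    groups = []  # [(flag, [args])], split at every "-<letter>" token
    for t in tok[4:]:
        if t[:1] == "-" and t[1:2].isalpha():
            groups.append((t, []))
        elif groups:
            groups[-1][1].append(t)
        else:
            errs.append(f"unexpected token {t!r}")
    for flag, args in groups:  # options not listed here pass through unchecked
        if flag in ("-s", "-d"):
            errs += _check_addr(flag, args)
        elif flag == "-e" and args not in (["0"], ["1"]):
            errs.append("-e takes 0 or 1")
        elif flag == "-F" and args not in (["0"], ["1"], ["2"], ["3"]):
            errs.append("-F takes 0-3")
    return errs
```

An empty list means the checked options are within the documented ranges; it does not confirm that the router accepted the command.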
