Mixing Pass and Drop Rules
GigaVUE‑OS lets you mix pass and drop rules on a single port. Mixing pass and drop rules can be useful in a variety of situations. The following example shows a pass rule set up to include all traffic matching a particular source port range combined with a drop rule configured to exclude ICMP traffic.
|
Description |
CLI Commands |
|
Enters the map prefix mode for a map named mymap. |
(config) map alias mymap |
|
Specifies the map type and subtype |
(config map alias mymap) # type regular byRule |
|
Specifies that this map will apply to traffic arriving on network port 1/1/x5. |
(config map alias mymap) # from 1/1/x5 |
|
Specifies that packets matching this map will be sent to tool port 3/5/x5. |
(config map alias mymap) # to 3/5/x5 |
|
Create a rule that will match all packets with a source port between 20..66. |
(config map alias mymap) # rule add pass portsrc 20..66 |
|
Create a rule that will drop all ICMP-IPv4 traffic. |
(config map alias mymap) # rule add drop protocol icmp-ipv4 |
|
Exits the map prefix mode. |
(config map alias mymap) # exit |
Drop Rules Have Precedence!
Keep in mind that within a map, drop rules have precedence over pass rules. So, if a packet matches both a pass and a drop rule in the same map, the packet is dropped rather than passed.
