How to Implement IP Packet Filtering on AIX (2)

or routed

TYPE = 5 - Redirect (redirection of all datagrams ...)
    0 = ...to a specific IP network (sent by: router)
    1 = ...to a specific IP host (sent by: router)
    2 = ...of a specific type of service and network (sent by: router)
    3 = ...of a specific type of service and host (sent by: router)

TYPE = 8 - Echo Request
    0 = (no special meaning) (sent by: host, router)

TYPE = 11 - Time Exceeded
    0 = TTL set to 0 (sent by: router)
    1 = reassembly timer exceeded (sent by: host)

TYPE = 12 - Parameter Problem
    0 = the ICMP header's pointer identifies a faulty octet within the datagram (sent by: host, router)

TYPE = 13/14 - Timestamp Request/Reply
    0 = (no special meaning) (sent by: host, router)

TYPE = 15/16 - Information Request/Reply
    0 = (no special meaning) (sent by: host, router)

TYPE = A1 - Address Format Request
    0 = (no special meaning) (sent by: host, router)

TYPE = A2 - Address Format Reply
    n = [number of bits in a subnet mask] (sent by: host, router)
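Routing: route = forwarded packets; local = packets with a local destination or source; both = both.
Direction: inbound = incoming packets; outbound = outgoing packets; both = both.
Log Control: yes = included in the log; no = not included in the log.
Fragmentation Control:
    all packets = applies to fragment headers, fragments, and unfragmented packets
    fragments and fragment headers only = applies only to fragments and fragment headers
    unfragmented packets only = applies only to unfragmented packets
    fragment headers and unfragmented packets only = applies only to unfragmented packets and fragment headers
Tunnel ID: the packet encapsulation (tunnel) identifier.
Interface: the interface, such as tr0 or en0.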
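After configuration is complete, select Move IP Security Filter Rules to put the filters in a suitable order, then select Start/Stop IP Security to start the filters. Use lsfilt to list the currently configured filters in order.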
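Why the ordering step matters, as an added example (not from the original article and not AIX code): a small Python model of the rule fields described above. It assumes first-match evaluation; the class names, option keys, and action names are hypothetical, and the sample rules and packets are constructed.

```python
from dataclasses import dataclass
from typing import Optional

# Fragmentation Control option -> packet kinds it applies to (from the field list above).
FRAG = {
    "all": {"unfragmented", "header", "fragment"},
    "fragments_and_headers": {"header", "fragment"},
    "unfragmented": {"unfragmented"},
    "headers_and_unfragmented": {"header", "unfragmented"},
}

@dataclass
class Rule:
    action: str                      # "permit" or "deny" (assumed action names)
    icmp_type: Optional[int] = None  # None = any type
    icmp_code: Optional[int] = None  # None = any code
    routing: str = "both"            # route | local | both
    direction: str = "both"          # inbound | outbound | both
    frag: str = "all"                # key of FRAG
    log: bool = False                # Log Control yes/no

@dataclass
class Packet:
    icmp_type: int
    icmp_code: int
    routing: str                     # route | local
    direction: str                   # inbound | outbound
    kind: str = "unfragmented"       # unfragmented | header | fragment

def matches(rule: Rule, pkt: Packet) -> bool:
    return (rule.icmp_type in (None, pkt.icmp_type)
            and rule.icmp_code in (None, pkt.icmp_code)
            and rule.routing in ("both", pkt.routing)
            and rule.direction in ("both", pkt.direction)
            and pkt.kind in FRAG[rule.frag])

def evaluate(rules, pkt):
    """Return (action, rule index, logged) of the first matching rule, or (None, None, False)."""
    for i, rule in enumerate(rules):
        if matches(rule, pkt):
            return rule.action, i, rule.log
    return None, None, False

# Constructed sample: drop and log inbound ICMP Redirect (TYPE 5), permit everything else.
DROP_REDIRECT = Rule("deny", icmp_type=5, direction="inbound", log=True)
PERMIT_ANY = Rule("permit")
REDIRECT_HOST = Packet(icmp_type=5, icmp_code=1, routing="local", direction="inbound")

print(evaluate([DROP_REDIRECT, PERMIT_ANY], REDIRECT_HOST))  # specific rule first
print(evaluate([PERMIT_ANY, DROP_REDIRECT], REDIRECT_HOST))  # catch-all first shadows it
```

With the catch-all rule listed first, the Redirect is permitted and never logged, which is the kind of shadowing to look for in the lsfilt listing after reordering.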