STATE_DISABLEDSTATE_ENABLEDPACKET_FILTER_DEFAULT_ACTION_UNKNOWNPACKET_FILTER_DEFAULT_ACTION_ACCEPTPACKET_FILTER_DEFAULT_ACTION_DISCARDPACKET_FILTER_DEFAULT_ACTION_REJECT
Sets the state indicating whether packet filtering is
enabled or disabled. The default is disabled.
If enabled, the system filters incoming packets, and
directs traffic based on the criteria you specify, both in
the packet filter globals and in the packet filter rules.
Gets the state indicating whether packet filtering is
enabled or disabled.
Sets the state indicating whether the system should filter
all ingress packets, even if the packets are part of an
existing connection. The default is disabled (unchecked).
Gets the state indicating whether the system should filter
all ingress packets, even if the packets are part of an
existing connection.
Sets the state indicating whether the system should send an
ICMP type 3 (destination unreachable), code 13
(administratively prohibited) packet when an ingress packet
is rejected.
When disabled, the system sends an ICMP reject
packet that is protocol-dependent. The default is disabled.
Gets the state indicating whether the system should send an
ICMP type 3 (destination unreachable), code 13
(administratively prohibited) packet when an ingress packet
is rejected.
Sets the state indicating whether the system automatically
accepts ARP packets. The default is enabled.
Gets the state indicating whether the system automatically
accepts ARP packets.
Sets the state indicating whether the system automatically
accepts the following ICMP packet types: UNREACH,
SOURCEQUENCH, REDIRECT, TIMEXCEED. The default is enabled.
Gets the state indicating whether the system automatically
accepts the following ICMP packet types: UNREACH,
SOURCEQUENCH, REDIRECT, TIMEXCEED.
Sets the action to take for packets that do not match the
criteria specified in any of the packet filter rules. The
default is accept. Note that you can effectively stop all
traffic to the system if you select either discard or
reject, and you do not configure additional packet filter
rules to accept management or other acceptable traffic. We
recommend that you leave this setting at the default value,
accept.
Gets the action to take for packets that do not match the
criteria specified in any of the packet filter rules.
Gets a list of all trusted ingress VLANs used in packet filtering on this device.
Adds the specified ingress VLANs to the list of trusted VLANs.
Removes the specified ingress VLANs from the list of trusted VLANs.
Gets a list of all trusted source addresses used in packet filtering on this device.
Adds the specified addresses to the list of trusted source addresses.
Removes the specified addresses from the list of trusted source addresses.
Gets a list of all trusted MAC addresses used in packet filtering on this device.
Adds the specified MAC addresses to the list of trusted MAC addresses.
Removes the specified MAC addresses from the list of trusted MAC addresses.
Gets the version information for this interface.
Sets the state indicating whether packet filtering is
enabled or disabled. The default is disabled.
If enabled, the system filters incoming packets, and
directs traffic based on the criteria you specify, both in
the packet filter globals and in the packet filter rules.
Gets the state indicating whether packet filtering is
enabled or disabled.
Sets the state indicating whether the system should filter
all ingress packets, even if the packets are part of an
existing connection. The default is disabled (unchecked).
Gets the state indicating whether the system should filter
all ingress packets, even if the packets are part of an
existing connection.
Sets the state indicating whether the system should send an
ICMP type 3 (destination unreachable), code 13
(administratively prohibited) packet when an ingress packet
is rejected.
When disabled, the system sends an ICMP reject
packet that is protocol-dependent. The default is disabled.
Gets the state indicating whether the system should send an
ICMP type 3 (destination unreachable), code 13
(administratively prohibited) packet when an ingress packet
is rejected.
Sets the state indicating whether the system automatically
accepts ARP packets. The default is enabled.
Gets the state indicating whether the system automatically
accepts ARP packets.
Sets the state indicating whether the system automatically
accepts the following ICMP packet types: UNREACH,
SOURCEQUENCH, REDIRECT, TIMEXCEED. The default is enabled.
Gets the state indicating whether the system automatically
accepts the following ICMP packet types: UNREACH,
SOURCEQUENCH, REDIRECT, TIMEXCEED.
Sets the action to take for packets that do not match the
criteria specified in any of the packet filter rules. The
default is accept. Note that you can effectively stop all
traffic to the system if you select either discard or
reject, and you do not configure additional packet filter
rules to accept management or other acceptable traffic. We
recommend that you leave this setting at the default value,
accept.
Gets the action to take for packets that do not match the
criteria specified in any of the packet filter rules.
Gets a list of all trusted ingress VLANs used in packet filtering on this device.
Adds the specified ingress VLANs to the list of trusted VLANs.
Removes the specified ingress VLANs from the list of trusted VLANs.
Gets a list of all trusted source addresses used in packet filtering on this device.
Adds the specified addresses to the list of trusted source addresses.
Removes the specified addresses from the list of trusted source addresses.
Gets a list of all trusted MAC addresses used in packet filtering on this device.
Adds the specified MAC addresses to the list of trusted MAC addresses.
Removes the specified MAC addresses from the list of trusted MAC addresses.
Gets the version information for this interface.
The PacketFilterGlobals interface enables you to work with the
global lists of trusted source addresses and ingress VLANs used
in packet filtering, and allows you to view and modify other
overall packet filter settings.
Note: The system processes exemptions before packet filter
rules, so you cannot override such settings with a packet
filter rule. Attributes controlling exemptions include:
always_accept_arp, always_accept_important_icmp, and those
involving trusted VLANs, trusted addresses, and trusted MAC
addresses.