6.2.1.24.7. packet-filtering

6.2.1.24.7.1. Introduction

The packet-filtering command of the show advanced-configuration subgroup enables displaying the static packet filtering rules.

Note

Packet filtering is not supported when the MTU > 3000.

---

6.2.1.24.7.2. Prerequisites

• User: setup

• Dependencies:

  • The detection engine must be switched off

  • A network capture interface must be enabled

---

6.2.1.24.7.3. Command

show advanced-configuration packet-filtering

---

6.2.1.24.7.4. Example of displaying the flow filtering rules

• Enter the following command.

  (gcap-cli) show advanced-configuration packet-filtering
  

• Validate.
  The system displays the result.

  Current XDP filters:
   - 0: iface mon1 native vlan 10
   - 1: iface mon2 native vlan 1
   - 2: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto TCP range 22:22
   - 3: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto TCP range 443:443
   - 4: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto TCP range 465:465
   - 5: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto TCP range 993:993
   - 6: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto TCP range 995:995
   - 7: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto UDP range 500:500
   - 8: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto UDP range 4500:4500
   - 9: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto GRE
   - 10: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto ESP
   - 11: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto AH
   - 12: iface mon1 drop vlan 110 prefix 0.0.0.0/0 proto L2TP 
  

---