summaryrefslogtreecommitdiffstats
path: root/src/scripts/vnet/source_and_port_range_check
blob: abe7034c57697b6fb800b99bed5755f406a57a6a (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
create loop int

set int state loop0 up
set int ip addr loop0 10.10.10.10/32

packet-generator new {						\
  name deny-from-default-route					\
  limit 1							\
  node ip4-input						\
  size 64-64							\
  data {							\
    UDP: 1.2.3.4 -> 5.6.7.8					\
    UDP: 3000 -> 3001						\
    length 128 checksum 0 incrementing 1			\
  }								\
}

packet-generator new {						\
  name allow							\
  limit 1							\
  node ip4-input						\
  size 64-64							\
  data {							\
    UDP: 1.1.1.1 -> 5.6.7.8					\
    UDP: 3000 -> 3001						\
    length 128 checksum 0 incrementing 1			\
  }								\
}

packet-generator new {						\
  name deny-from-port-range					\
  limit 1							\
  node ip4-input						\
  size 64-64							\
  data {							\
    UDP: 1.1.1.1 -> 5.6.7.8					\
    UDP: 6000 -> 6001						\
    length 128 checksum 0 incrementing 1			\
  }								\
}

set ip source-and-port-range-check 1.1.1.0/24 range 2000 - 3000 vrf 99

set interface ip source-and-port-range-check pg0 udp-out-vrf 99

 show ip source-and-port-range-check vrf 99 1.1.1.1

set ip source-and-port-range-check 1.1.1.0/24 range 4000 - 5000 vrf 99

set ip source-and-port-range-check 1.1.2.0/24 range 4000 - 5000 vrf 99

show ip source-and-port-range-check vrf 99 1.1.1.1
show ip source-and-port-range-check vrf 99 1.1.2.1

set ip source-and-port-range-check 1.1.2.0/24 range 4000 - 5000 vrf 99 del

show ip source-and-port-range-check vrf 99 1.1.2.1

tr add pg-input 100