aboutsummaryrefslogtreecommitdiffstats
path: root/vnet/etc/scripts/source_and_port_range_check
blob: dce227b4315e9236b8f05d722cd3335ee3fddb5e (plain)
1
2
3
4
5
6
7
8
9
10
11
12
13
14
15
16
17
18
19
20
21
22
23
24
25
26
27
28
29
30
31
32
33
34
35
36
37
38
39
40
41
42
43
44
45
46
47
48
49
50
51
52
53
54
55
56
57
58
59
60
61
62
63
create loop int

set int state loop0 up
set int ip addr loop0 10.10.10.10/32

packet-generator new {
  name deny-from-default-route
  limit 1
  node ip4-input
  size 64-64
  no-recycle
  data {
    UDP: 1.2.3.4 -> 5.6.7.8
    UDP: 3000 -> 3001
    length 128 checksum 0 incrementing 1
  }
}

packet-generator new {
  name allow
  limit 1
  node ip4-input
  size 64-64
  no-recycle
  data {
    UDP: 1.1.1.1 -> 5.6.7.8
    UDP: 3000 -> 3001
    length 128 checksum 0 incrementing 1
  }
}

packet-generator new {
  name deny-from-port-range
  limit 1
  node ip4-input
  size 64-64
  no-recycle
  data {
    UDP: 1.1.1.1 -> 5.6.7.8
    UDP: 6000 -> 6001
    length 128 checksum 0 incrementing 1
  }
}

set ip source-and-port-range-check 1.1.1.0/24 range 2000 - 3000 vrf 99

set interface ip source-and-port-range-check pg0 udp-out-vrf 99

 show ip source-and-port-range-check vrf 99 1.1.1.1

set ip source-and-port-range-check 1.1.1.0/24 range 4000 - 5000 vrf 99

set ip source-and-port-range-check 1.1.2.0/24 range 4000 - 5000 vrf 99

show ip source-and-port-range-check vrf 99 1.1.1.1
show ip source-and-port-range-check vrf 99 1.1.2.1

set ip source-and-port-range-check 1.1.2.0/24 range 4000 - 5000 vrf 99 del

show ip source-and-port-range-check vrf 99 1.1.2.1

tr add pg-input 100