Changes to the IP flow table become active only after an init res:ipsh command.
The command save conf saves all flows inside the table. Up to 255 flows are saved in the configuration files.
The available commands for managing the IP flow table are the following:
d ipsh flow shows the IP shaping flow table. Typing d ipsh flow ? displays the meaning of all parameters.
[14:36:28] ABILIS_CPX:d ipsh flow
---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1          64     350 PRE-NAT    192.168.000.000/24
1   OUT  1         256    5000 POST-NAT   192.168.000.000/24
Meaning of the parameters:
PR
Priority of IPSH flow [0..254].
DESCR
Entry description. From 0 up to 70 extended alphanumeric characters. Case is preserved. Spaces are allowed. Strings holding spaces must be written between quotation marks (e.g. "str1 str2").
DIR
Flow direction [IN, OUT]. When 'IN', the shaping is made by checking the source IP of packets received by Abilis CPX. When 'OUT', the shaping is made by checking the destination IP of packets transmitted by Abilis CPX.
RULE
Rule assigned to current flow [#, LOWBW, HIGHBW, 1..32]. When '#', rule is not assigned. When 'LOWBW', bandwidth is limited to LOWBW: value. When 'HIGHBW', bandwidth is limited to HIGHBW: value. When 1..32, identifier of a dynamic rule in the IPSH RULE table.
LOWBW
Lower bandwidth limit [64..100000 kbit/sec]. The actual bandwidth limit will be modulated between LOWBW: and HIGHBW: according to the RULE: algorithm.
HIGHBW
Higher bandwidth limit [64..100000 kbit/sec]. The actual bandwidth limit will be modulated between LOWBW: and HIGHBW: according to the RULE: algorithm.
CHECK
Where to check IP address [PRE-NAT, POST-NAT, PRE-IPSEC, POST-IPSEC]. When 'PRE-NAT', the analysis is performed before NAT. When 'POST-NAT', the analysis is performed after NAT. When 'PRE-IPSEC', the analysis is performed before IPSEC. When 'POST-IPSEC', the analysis is performed after IPSEC.
IP
IP address filter. For DIR:IN the filter is applied on SOURCE IP. For DIR:OUT the filter is applied on DESTINATION IP. Single IP address [0.0.0.1-255.255.255.255] or subnet [x.x.x.x/y] or IP address range separated by ':' (colon) or the name of an IP/IR/RU/MR list between primes or "#" or "*".
a ipsh flow adds a new IP flow definition with the specified parameters. Unspecified ones are set to their default values.
To display the syntax of the command, type a ipsh flow ?.
Some examples follow:
[14:00:15] ABILIS_CPX:a ipsh flow pr:0 rule:1 lowbw:512 highbw:8192 ip:192.168.0.5
COMMAND EXECUTED
[14:00:15] ABILIS_CPX:a ipsh flow pr:1 dir:out rule:1 lowbw:256 highbw:4096 check:post-nat ip:192.168.0.5/24
COMMAND EXECUTED
[14:01:01] ABILIS_CPX:d ipsh flow
---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
2   OUT  1         256    4096 POST-NAT   192.168.000.000/24
c ipsh flow deletes from the table the IP flow identified by the specified "PR:xx".
To display the syntax of the command, type c ipsh flow ?.
Some examples follow:
[13:55:27] ABILIS_CPX:d ipsh flow
---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
1   IN   1         256    4096 PRE-NAT    192.168.000.000/24
2   OUT  1         256    4096 POST-NAT   192.168.000.000/24
[13:55:27] ABILIS_CPX:c ipsh flow pr:1
COMMAND EXECUTED
[13:55:27] ABILIS_CPX:d ipsh flow
---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
1   OUT  1         256    4096 POST-NAT   192.168.000.000/24
s ipsh flow sets one or more parameters to their new values in the IP flow table entry identified by the specified "PR:xx". This command can only be used to modify specific IP flow definitions in the table.
Type s ipsh flow ? to display the syntax of the command.
Some examples follow:
[13:56:01] ABILIS_CPX:d ipsh flow
---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
1   IN   1         256    4096 PRE-NAT    192.168.000.000/24
[13:56:25] ABILIS_CPX:s ipsh flow pr:1 dir:out check:post-nat
COMMAND EXECUTED
[13:57:38] ABILIS_CPX:d ipsh flow
---+---------------------------------------------------------------------------
PR:|[DESCR:]
   |DIR:|RULE:| LOWBW:|HIGHBW:|CHECK:    |IP:
---+----+-----+-------+-------+----------+-------------------------------------
0   IN   1         512    8192 PRE-NAT    192.168.000.005
1   OUT  1         256    4096 POST-NAT   192.168.000.000/24
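The parameter ranges listed above can be checked off-box before an a ipsh flow or s ipsh flow line is typed on the device, for example when flow definitions are kept in a change-controlled file. The following is an added example, not Abilis code: lint_flow_command, valid_ip_filter and in_range are hypothetical names, and it assumes that pr: is always given, that list names are written in single quotes, and that LOWBW is not meant to exceed HIGHBW.

```python
import ipaddress
import re

CHECKS = {"PRE-NAT", "POST-NAT", "PRE-IPSEC", "POST-IPSEC"}  # from the CHECK entry
PAIR = re.compile(r'''(\w+):("[^"]*"|'[^']*'|\S+)''')  # key:value, quotes kept


def valid_ip_filter(value):
    """Single IP, x.x.x.x/y subnet, a:b range, 'list name' (assumed quoting), # or *."""
    if value in ("#", "*") or re.fullmatch(r"'[^']+'", value):
        return True
    try:
        if "/" in value:
            ipaddress.IPv4Network(value, strict=False)
            return True
        ends = [ipaddress.IPv4Address(part) for part in value.split(":")]
    except ValueError:
        return False
    return len(ends) <= 2 and int(ends[0]) >= 1 and ends[0] <= ends[-1]


def in_range(text, low, high):
    return text.isdecimal() and low <= int(text) <= high


def lint_flow_command(line):
    """Return the problems found in one 'a ipsh flow' or 's ipsh flow' line."""
    m = re.search(r"(?:^|[:\s])[as] ipsh flow\b(.*)", line, re.I)
    if not m:
        return ["not an 'a ipsh flow' or 's ipsh flow' command"]
    p = {k.lower(): v for k, v in PAIR.findall(m.group(1))}
    errs = []
    if not in_range(p.get("pr", ""), 0, 254):  # assumption: pr: is always given
        errs.append("PR must be 0..254")
    if p.get("dir", "IN").upper() not in ("IN", "OUT"):
        errs.append("DIR must be IN or OUT")
    if p.get("check", "PRE-NAT").upper() not in CHECKS:
        errs.append("CHECK must be PRE-NAT, POST-NAT, PRE-IPSEC or POST-IPSEC")
    rule = p.get("rule", "#").upper()
    if rule not in ("#", "LOWBW", "HIGHBW") and not in_range(rule, 1, 32):
        errs.append("RULE must be #, LOWBW, HIGHBW or 1..32")
    for key in ("lowbw", "highbw"):
        if key in p and not in_range(p[key], 64, 100000):
            errs.append(key.upper() + " must be 64..100000 kbit/sec")
    lo, hi = p.get("lowbw", ""), p.get("highbw", "")
    if in_range(lo, 64, 100000) and in_range(hi, 64, 100000) and int(lo) > int(hi):
        errs.append("LOWBW exceeds HIGHBW")  # assumption: low <= high is intended
    if "ip" in p and not valid_ip_filter(p["ip"]):
        errs.append("IP must be an address, subnet, range, list name, # or *")
    return errs
```

Because an IP range uses ':' as its separator, the value of ip: is taken as everything up to the next space rather than split on the first colon.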