[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

ip-flags

Syntax

ip-flags {
(df | no-df);
(mf | no-mf);
(rb | no-rb);
}

Hierarchy Level

[edit security idp custom-attack attack-name attack-type signature protocol ip]

Release Information

Statement introduced in Release 9.3 of JUNOS software.

Description

Specify that IDP looks for a pattern match whether or not the IP flag is set.

This statement is supported on SRX-series devices.

Options

df | no-df—When set, the df (Don’t Fragment) indicates that the packet cannot be fragmented for transmission. When unset, it indicates that the packet can be fragmented.

mf | no-mf—When set, the mf (More Fragments) indicates that the packet contains more fragments. When unset, it indicates that no more fragments remain.

rb | no-rb—When set, the rb (Reserved Bit) indicates that the bit is reserved.

Usage Guidelines

For configuration instructions and examples, see the JUNOS Software Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

[ Contents] [ Prev] [ Next] [ Index] [ Report an Error]

[an error occurred while processing this directive]