Table of Contents
Advertisement
Firewall Commands
firewall rule create
Create a rule.
If a value is preceded by a "!", it means "NOT".
Note
E.g. "dstintfgrp=!wan" means "if dstintfgrp is different from WAN".
SYNTAX:
firewall rule create
where:
chain
index
srcintf
182
chain = <string>
[index = <number>]
[srcintf [!]= <string>]
[srcintfgrp [!]= <{wan|local|lan} or number>]
[src [!]= <ip-address>]
[dstintf [!]= <string>]
[dstintfgrp [!]= <{wan|local|lan} or number>]
[dst [!]= <ip-address>]
[tos [!]= <number{1-255}>]
[precedence [!]= <number{0-7}>]
[dscp [!]= <number{0-63}>]
[prot [!]= <{<supported IP protocol name>|<number>}>]
[syn = <yes|no>]
[urg = <yes|no>]
[ack = <yes|no>]
[srcport [!]= <{<supported TCP/UDP port name>|<number>}>]
[srcportend = <{<supported TCP/UDP port name>|<number>}>]
[dstport [!]= <{<supported TCP/UDP port name>|<number>}>]
[dstportend = <{<supported TCP/UDP port name>|<number>}>]
[icmptype [!]= <{<supported ICMP type name>|<number>}>]
[icmpcode [!]= <number{0-15}>]
[icmpcodeend = <number{0-15}>]
[clink = <string>]
[log = <{no|yes}>]
action = <{accept|deny|drop|count}>
The name of the chain in which the rule must be inserted.
The number of the rule before which the new rule must be added.
The name of the interface the packet should [or should NOT] arrive
on to make this rule apply.
NOT applicable if used in a chain assigned to the output
Note
hook.
REQUIRED
OPTIONAL
OPTIONAL
E-DOC-CTC-20040216-0002 v1.0
- Quick Links:
- Accessing the Command Line Interface
Hide quick links:
Advertisement
Table of Contents
