Siemens RUGGEDCOM ROX II User Manual page 252

Chapter 6
Security
!
fwrule Rule2
action accept
source-zone man
destination-zone man
no description
!
!
!
!
If no rules have been configured, add rules as needed. For more information, refer to Section 6.9.15.2, "Adding a Rule".
Section 6.9.15.2
Adding a Rule
To configure a rule for a firewall, do the following:
1. Make sure the CLI is in Configuration mode.
2. Add the rule by typing:
   security firewall fwconfig firewall fwrule rule
   Where:
   • firewall is the name of the firewall
   • rule is the name of the rule
3. Configure the following parameter(s) as required:
NOTE
When applying new rules, previous traffic seen by the router might still be considered as having
valid connections by the connection tracking table. For instance:
a. A rule for the TCP and UDP protocols is applied.
b. The router sees both TCP and UDP traffic that qualifies for NAT.
c. The rule is then modified to allow only UDP.
d. The router will still see TCP packets (i.e. retransmission packets).
If required, reboot the router to flush all existing connection streams.
Parameter: iptype { iptype }
Description:
Synopsis:   { ipv4, ipv6, ipv4ipv6 }
Default:   ipv4
Internet protocol type - use both when no addresses are used, otherwise define IPv4 and
IPv6 rules for each type of addresses used.

Parameter: action { action }
Description:
Synopsis:   { accept, drop, reject, continue, redirect, dnat-, dnat, copy-dnat }
Default:   reject
The final action to take on incoming packets matching this rule.
Options include:
• accept: Allows the connection request to proceed.
• continue: Passes the connection request past any other rules.
• copy-dnat: Sends a copy to a second system using a DNAT rule. Protocol must be set to
'udp', and Original Destination must be defined.
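
An added example, not part of the Siemens manual: a Python check that reads fwrule blocks from a saved configuration dump and resolves the effective iptype and action using the synopsis values and defaults in the parameter table above. It assumes a block ends at a "!" line and that parameters left unset are omitted from the dump, as in the Rule2 fragment on this page; Rule4 in the sample is constructed.

```python
import re

# Value sets and defaults as listed in the parameter table on this page.
ALLOWED = {"iptype": {"ipv4", "ipv6", "ipv4ipv6"},
           "action": {"accept", "drop", "reject", "continue",
                      "redirect", "dnat-", "dnat", "copy-dnat"}}
DEFAULTS = {"iptype": "ipv4", "action": "reject"}

def parse_fwrules(text):
    """Return {rule name: {key: value}}; a block ends at the next '!' line."""
    rules, current = {}, None
    for line in (raw.strip() for raw in text.splitlines()):
        match = re.fullmatch(r"fwrule\s+(\S+)", line)
        if match:
            current = rules.setdefault(match.group(1), {})
        elif line == "!":
            current = None
        elif line and current is not None:
            key, _, value = line.partition(" ")
            if key != "no":              # "no description" leaves the key unset
                current[key] = value.strip()
    return rules

def audit(text):
    """Resolve the effective iptype/action per rule and list findings."""
    report = {}
    for name, cfg in parse_fwrules(text).items():
        effective, findings = {}, []
        for key, default in DEFAULTS.items():
            effective[key] = cfg.get(key) or default
            if not cfg.get(key):
                findings.append(f"{key} not set, default {default} applies")
            elif cfg[key] not in ALLOWED[key]:
                findings.append(f"{key} value {cfg[key]!r} is not documented")
        report[name] = {"effective": effective, "findings": findings}
    return report

# Constructed sample: Rule2 is the fragment from the page, Rule4 is invented.
SAMPLE = """fwrule Rule2
 action accept
 source-zone man
 destination-zone man
 no description
!
fwrule Rule4
 action allow
!"""

print(audit(SAMPLE))
```

Rule2 is reported with an effective iptype of ipv4 because the fragment carries no iptype line, which is the case to review when a rule is expected to cover IPv6 addresses as well.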
RUGGEDCOM ROX II
CLI User Guide
Adding a Rule
