Siemens RUGGEDCOM ROX II User Manual page 253

RUGGEDCOM ROX II
CLI User Guide
Parameter / Description

(continued from the previous page)
    • dnat: Forwards the request to another system and (optionally) another port.
    • dnat-: Only generates the DNAT IPtables rule and not the companion ACCEPT rule.
    • drop: The connection request is ignored. No notification is sent.
    • redirect: Redirects the request to a local TCP port number on the local firewall.
    • reject: Rejects the connection with an RST (TCP) or ICMP destination-unreachable.

source-zone-hosts { source-zone-hosts }
    Synopsis: A string
    (Optional) Add comma-separated host IPs to a predefined source-zone.

destination-zone-hosts { destination-zone-hosts }
    Synopsis: A string
    (Optional) Add comma-separated host IPs to the destination-zone - may include :port for DNAT or REDIRECT.

log-level { log-level }
    Synopsis: { none, debug, info, notice, warning, error, critical, alert, emergency }
    Default: none
    (Optional) Determines whether or not logging will take place and at which logging level.

protocol { protocol }
    Synopsis: { tcp, udp, icmp, all } or a string
    Default: all
    The protocol to match for this rule - must be 'udp' for rules using copy-dnat actions.

source-ports { source-ports }
    Synopsis: A string
    Default: none
    (Optional) The TCP/UDP port(s) the connection originated from. Default: all ports. Add a single port or a list of comma-separated ports.

destination-ports { destination-ports }
    Synopsis: A string
    Default: none
    (Optional) The TCP/UDP port(s) the connection is destined for. Default: all ports. Add a single port or a list of comma-separated ports.

original-destination { original-destination }
    Synopsis: { None } or a string
    Default: none
    (Optional) The destination IP address in the connection request as it was received by the firewall - (mandatory) for rules using copy-dnat actions.

description { description }
    Synopsis: A string
    (Optional) The description string for this rule.

4. Type commit and press Enter to save the changes, or type revert and press Enter to abort.

Section 6.9.15.3
Configuring the Source Zone

To configure the source zone for a firewall rule, do the following:
1. Make sure the CLI is in Configuration mode.
2. Navigate to security » firewall » fwconfig » {firewall} » fwrule{rule} » source-zone, where {firewall} is the name of the firewall and {rule} is the name of the rule.
3. Configure the following parameter(s) as required:

Parameter / Description

predefined-zone { predefined-zone }
    Synopsis: A string
    A predefined zone
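The firewall rule parameters listed earlier on this page carry constraints that can be checked before a commit: the allowed log-level values, the copy-dnat requirements on protocol and original-destination, and :port being allowed on destination-zone-hosts only for DNAT or REDIRECT. The lint below is an added example, not part of the Siemens manual. Representing a rule as a dict, the `action` key name, IPv4-only host entries and the sample rules are assumptions.

```python
import ipaddress

# Values copied from the log-level Synopsis on this page.
LOG_LEVELS = {"none", "debug", "info", "notice", "warning", "error",
              "critical", "alert", "emergency"}
# Assumption: ":port" is accepted only with these actions ("for DNAT or REDIRECT").
PORT_ACTIONS = {"dnat", "dnat-", "redirect"}

def bad_hosts(value, allow_port):
    """Return entries of a comma-separated IPv4 host list that do not parse."""
    bad = []
    for item in filter(None, (p.strip() for p in value.split(","))):
        host, sep, port = item.partition(":")
        if sep and not (allow_port and port.isdigit() and 0 < int(port) < 65536):
            bad.append(item)
            continue
        try:
            ipaddress.IPv4Address(host)
        except ValueError:
            bad.append(item)
    return bad

def lint_rule(rule):
    """Check one rule (a dict keyed by parameter name) and return findings."""
    findings = []
    action = rule.get("action", "")  # hypothetical key for the rule's action
    if rule.get("log-level", "none") not in LOG_LEVELS:
        findings.append("log-level: not one of the documented levels")
    if action.startswith("copy-dnat"):
        if rule.get("protocol", "all") != "udp":  # documented default is 'all'
            findings.append("protocol: must be 'udp' for copy-dnat actions")
        if str(rule.get("original-destination", "none")).lower() == "none":
            findings.append("original-destination: mandatory for copy-dnat actions")
    for key, allow_port in (("source-zone-hosts", False),
                            ("destination-zone-hosts", action in PORT_ACTIONS)):
        for item in bad_hosts(rule.get(key, ""), allow_port):
            findings.append(f"{key}: invalid entry {item!r}")
    return findings

# Constructed sample rules (illustrative, not taken from any device).
SAMPLE_RULES = {
    "relay": {"action": "copy-dnat", "protocol": "tcp"},
    "web": {"action": "dnat", "protocol": "tcp", "log-level": "info",
            "destination-zone-hosts": "192.0.2.20:8080", "destination-ports": "80"},
    "src": {"action": "drop", "source-zone-hosts": "192.0.2.5:22, 192.0.2.300"},
}

if __name__ == "__main__":
    for name, rule in SAMPLE_RULES.items():
        print(name, lint_rule(rule))
```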
Chapter 6
Security
207
