Firewall Sub-Commands; Firewall Command Examples - ZyXEL Communications UAG Series Cli Reference Manual

Unified access gateway

Chapter 18 Firewall

18.2.1 Firewall Sub-Commands

The following table describes the sub-commands for several firewall commands.
Table 64 firewall Sub-commands

COMMAND
    DESCRIPTION

action {allow|deny|reject}
    Sets the action the UAG takes when packets match this rule.

[no] activate
    Enables a firewall rule. The no command disables the firewall rule.

[no] ctmatch {dnat | snat}
    Use dnat to block packets sent from a computer on the UAG's WAN network from being forwarded to an internal network according to a virtual server rule.
    Use snat to block packets sent from a computer on the UAG's internal network from being forwarded to the WAN network according to a 1:1 NAT or Many 1:1 NAT rule.
    The no command forwards the matched packets.

[no] description description
    Sets a descriptive name (up to 60 printable ASCII characters) for a firewall rule. The no command removes the descriptive name from the rule.

[no] destinationip address_object
    Sets the destination IP address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses.

[no] from zone_object
    Sets the zone on which the packets are received. The no command removes the zone on which the packets are received and resets it to the default (any) meaning all interfaces or VPN tunnels.

[no] log [alert]
    Sets the UAG to create a log (and optionally an alert) when packets match this rule. The no command sets the UAG not to create a log or alert when packets match this rule.

[no] schedule schedule_object
    Sets the schedule that the rule uses. The no command removes the schedule settings from the rule.

[no] service service_name
    Sets the service to which the rule applies. The no command resets the service settings to the default (any). any means all services.

[no] sourceip address_object
    Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses.

[no] sourceport {tcp|udp} {eq <1..65535>|range <1..65535> <1..65535>}
    Sets the source port for a firewall rule. The no command removes the source port from the rule.

[no] to {zone_object|Device}
    Sets the zone to which the packets are sent. The no command removes the zone to which the packets are sent and resets it to the default (any). any means all interfaces or VPN tunnels.

[no] user user_name
    Sets a user-aware firewall rule. The rule is activated only when the specified user logs into the system. The no command resets the user name to the default (any). any means all users.

18.2.2 Firewall Command Examples

These are IPv4 firewall configuration examples.

UAG CLI Reference Guide
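
The syntax and defaults listed in Table 64 can be checked before a rule is entered on the device. The following Python linter is an added example, not part of the ZyXEL manual: it validates one rule's sub-command lines against the table and flags allow rules that rely on the documented any defaults or omit logging. The object names in the sample and the rule that object names contain no spaces are assumptions.

```python
import re

# Fields the table documents as defaulting to "any" when unset or reset with "no".
ANY_DEFAULT = ("from", "to", "sourceip", "destinationip", "service", "user")
OBJECT = re.compile(r"\S+$")  # assumption: object names contain no spaces
SYNTAX = {
    "action": re.compile(r"(allow|deny|reject)$"),
    "activate": re.compile(r"$"),
    "ctmatch": re.compile(r"(dnat|snat)$"),
    "description": re.compile(r"[\x20-\x7e]{1,60}$"),
    "log": re.compile(r"(alert)?$"),
    "sourceport": re.compile(r"(tcp|udp) (eq \d+|range \d+ \d+)$"),
    **{name: OBJECT for name in ANY_DEFAULT + ("schedule",)},
}

def parse_rule(lines):
    """Validate one rule's sub-command lines; return (settings, errors)."""
    settings, errors = {}, []
    for raw in lines:
        words = raw.split()
        negate = words[:1] == ["no"]
        key, _, arg = " ".join(words[1:] if negate else words).partition(" ")
        ports = [int(p) for p in re.findall(r"\d+", arg)] if key == "sourceport" else []
        if key not in SYNTAX or (negate and key == "action"):
            errors.append(f"unknown sub-command: {raw!r}")
        elif negate:
            settings.pop(key, None)  # "no" resets the field to its default
        elif not SYNTAX[key].match(arg):
            errors.append(f"bad argument: {raw!r}")
        elif not all(1 <= p <= 65535 for p in ports):
            errors.append(f"port out of range: {raw!r}")
        else:
            settings[key] = arg
    return settings, errors

def audit(settings):
    """Flag allow rules that rely on documented "any" defaults or skip logging."""
    findings = []
    if settings.get("action") == "allow":
        wide = [f for f in ANY_DEFAULT if settings.get(f, "any") == "any"]
        if wide:
            findings.append("allow rule matches any for: " + ", ".join(wide))
        if "log" not in settings:
            findings.append("allow rule does not log matches")
    return findings

# Constructed sample rule (object names are made up for illustration).
SAMPLE = ["description Temp vendor access", "from WAN", "to LAN1", "service HTTPS",
          "destinationip SRV_1", "sourceport tcp range 1024 70000", "no service",
          "action allow", "activate"]
```

Calling `parse_rule(SAMPLE)` and passing the returned settings to `audit` reports the out-of-range source port and shows that `no service` silently widened the rule back to all services.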
