Table of Contents
Advertisement
Firewall
ip_version any
label Allow all outgoing traffic
protocol any
src_zone internal
1
action drop
dst_zone internal
enable true
ip_version any
label myfilter
protocol any
src_zone external
(config)>
b. Select the appropriate rule by using its index number:
(config)> firewall filter 1
(config firewall filter 1)>
To create a new packet filtering rule:
(config)> add firewall filter end
(config firewall filter 1)>
Packet filtering rules are enabled by default. To disable the rule:
(config firewall filter 1)> enable false
(config firewall filter 1)>
3. (Optional) Set the label for the rule.
(config firewall filter 1)> label "My filter rule"
(config firewall filter 1)>
4. Set the action to be performed by the filter rule.
(config firewall filter 1)> action value
(config firewall filter 1)>
where value is one of:
accept: Allows matching network connections.
n
reject: Blocks matching network connections, and sends an ICMP error if appropriate.
n
drop: Blocks matching network connections, and does not send a reply.
n
5. Set the firewall zone that will be monitored by this rule for incoming connections from network
interfaces that are a member of this zone:
See
Firewall configuration
(config firewall filter 1)> src_zone my_zone
(config firewall filter 1)>
6. Set the destination firewall zone. Packets destined for network interfaces that are members
of this zone will either be accepted, rejected or dropped by this rule.
IX10 User Guide
for more information about firewall zones.
Packet filtering
443
- Quick Links:
- Step 3: Connect
Hide quick links:
Advertisement
Table of Contents
