Table of Contents
Advertisement
Firewall
Packet filtering rules are enabled by default. To disable the rule:
(config firewall filter 1)> enable false
(config firewall filter 1)>
3. (Optional) Set the label for the rule.
(config firewall filter 1)> label "My filter rule"
(config firewall filter 1)>
4. Set the action to be performed by the filter rule.
(config firewall filter 1)> action value
(config firewall filter 1)>
where value is one of:
accept: Allows matching network connections.
n
reject: Blocks matching network connections, and sends an ICMP error if appropriate.
n
drop: Blocks matching network connections, and does not send a reply.
n
5. Set the firewall zone that will be monitored by this rule for incoming connections from network
interfaces that are a member of this zone:
See
Firewall configuration
(config firewall filter 1)> src_zone my_zone
(config firewall filter 1)>
6. Set the destination firewall zone. Packets destined for network interfaces that are members of
this zone will either be accepted, rejected or dropped by this rule.
See
Firewall configuration
(config firewall filter 1)> dst_zone my_zone
(config firewall filter 1)>
7. Set the IP version.
(config firewall filter 1)> ip_version value
(config firewall filter 1)>
where value is one of:
any
n
ipv4
n
ipv6
n
The default is any.
n
8. Set the protocol.
(config firewall filter 1)> protocol value
(config firewall filter 1)>
IX30 User Guide
for more information about firewall zones.
for more information about firewall zones.
Packet filtering
777
Advertisement
Table of Contents
