Table of Contents
Advertisement
CLI Commands
add
add (router-wan) firewall
Use the add (router-wan) firewall command to add a firewall rule to a WAN.
Syntax:
Example:
{rtr_card-addr}
The slot number (1-6) that contains the Router (IP or CMG) card.
{"wan-name"}
The WAN interface to modify. The name must be enclosed in quotes.
{rule-number}
Firewall rules are processed in sequence until the first matching rule is found.
{drop|pass}
drop
pass
{incoming|inout|outgoing}
incoming
inout
outgoing
{alarm|log|nolog}
alarm
log
nolog
5-20
add {rtr_card-addr} {"wan-name"} firewall
{rule-number} {drop|pass} {incoming|inout|outgoing}
{alarm|log|nolog} {service} {dest-ip-addr/bits} {src-
ip-addr/bits}
add 3 "LosAngeles" firewall 1 pass incoming nolog http
203.1.21.17/32 0.0.0.0/0
The example will add a firewall rule that allows HTTP (TCP port 80) access
from any outside host to an inside web server at 203.1.21.17 to the Router card
in slot 3.
Do not allow the packet to be forwarded
Allow the packet to be forwarded
Matches packets for sessions originated from an outside host
Matches packets for sessions originated from either an inside or outside
host
Matches packets for sessions originated from an inside host
Add an entry to alarm log for packets that match this rule
Add an entry to event log for packets that match this rule
Do not add an entry to the logs for packets that match this rule
Compact T1 - Release 6.1
Advertisement
Table of Contents
