Zte ZXR10 8900 Series User Manual page 87

Chapter 5 Packet Filtering and Access Control Rule Configuration
To exit from this command module, execute the following com-
mand:
#end
1. Adding one access control rule.
Command
ZXR10_FW.firewall #policy add
action <accept|deny>[srcarea
<string1>][dstarea <string2>][srcvlan
<string3>][dstvlan <string4>][src
<string5>][dst <string6>][service
<string7>][schedule <string8>][sport
<string9>][orig_dst <string10>][dpi
<string11>][ar<string12>][av<on|off
>][ permanent <on|off>][log <on|off|
alarm>][enable<yes|no>][before
<number1>]
Parameter Description:
Parameter
add
action
accept|deny
srcarea
<string1>
dstarea
<string2>
srcvlan
<string3>
dstvlan
<string4>
src
<string5>
dst
Confidential and Proprietary Information of ZTE CORPORATION
Function
This adds one access
control rule.
Description
This adds one FW access control rule.
This sets access privilege, that is to permit
or deny packets matching this rule to pass
through FW.
permit/deny
This sets source area.
This is one string. It must be one or more
preset area name(s). As for multiple area
names, space is used between each two
area names and all addresses are quoted
with single quotes, such as 'area_gei_5/1'.
This sets destination area.
This is one string. It must be one or more
preset area name(s). As for multiple area
names, space is used between each two
area names and all addresses are quoted
with single quotes, such as 'area_gei_5/1'.
This sets source VLAN.
This is one string, indicating preset vlan
number.
This sets destination VLAN.
This is one string, indicating preset vlan
number.
This is source address.
This is one string, indicating preset address
name. Multiple address names can be
input and space is used between each two
address names and all address names are
quoted with single quotes, such as 'aa ll'.
This is destination address.
77