Zte ZXR10 8900 Series User Manual page 89

Chapter 5 Packet Filtering and Access Control Rule Configuration
Parameter
yes|no
before
<number>
Example:
To add one access control rule. execute the following com-
mand, where 'area_eth0', 'any', 'http_policy' and 'msn' are de-
fined objects.
ZXR10_FW.firewall #policy add action accept
srcarea 'area_eth0' src 'any' service IP dpi 'http_policy'
ar 'msn' av on log on enable yes
2. Modifying one added access control rule.
Command
ZXR10_FW.firewall #policy
modify id <number1>[action
<accept|deny>][srcarea <string
1>][dstarea <string2>][srcvlan
<string3>][dstvlan <string4>][src
<string5>][dst <string6>][service
<string7>][schedule <string8>][sport
<string9>][orig_dst <string10>][dpi
<string11>][ar<string12>][av<on
|off>][ permanent <on|off>][log
<on|off>][enable < yes|no>]
Parameter Description:
Parameter
modify
id
<number1>
action
accept|deny
srcarea
<string1>
dstarea
<string2>
Confidential and Proprietary Information of ZTE CORPORATION
Description
Enable/not enable
This is optional. When adding one new
access control rule, it is available to select
before which rule to place this new rule.
The new rule is placed at end by default.
This is one number, indicating ID of added
access control rule.
Function
This modifies one
added access control
rule.
Description
This modifies one FW access rule.
This is ID of defined access control rule.
This is one number.
This sets access right.
permit/deny
This sets source area.
This is one string. It must be one or more
preset area name(s). As for multiple area
names, space is used between each two
area names and all addresses are quoted
with single quotes, such as 'area_gei_5/1'.
This sets destination area.
This is one string. It must be one or more
preset area name(s). As for multiple area
names, space is used between each two
area names and all addresses are quoted
with single quotes, such as 'area_gei_5/1'.
79