Firewall Rule Create - THOMSON 516 Reference Manual

firewall rule create

Create a rule.
SYNTAX:
firewall rule create
If a value is preceded by a "!", it means NOT.
For example "srcintfgrp=!wan" means "if the source interface group is different from WAN".
where:
chain The name of the chain in which the rule must be inserted.
index The number of the rule before which the new rule must be added.
srcintf The name of the interface the packet should [or should NOT] arrive on to make
this rule apply.
Note
srcintfgrp The interface group the packet should [or should NOT] arrive on. Choose
between:
wan
local
lan.
Note
E-DOC-CTC-20040907-0010 v1.0
chain = <string>
[index = <number>]
[srcintf [!]= <string>]
[srcintfgrp [!]= <{wan | local | lan} or number>]
[src [!]= <ip-address>]
[dstintf [!]= <string>]
[dstintfgrp [!]= <{wan | local | lan} or number>]
[dst [!]= <ip-address>]
[tos [!]= <number{1-255}>]
[precedence [!]= <number{0-7}>]
[dscp [!]= <number{0-63}>]
[prot [!]= <{<supported IP protocol name> | <number>}>]
[syn = <yes | no>]
[urg = <yes | no>]
[ack = <yes | no>]
[srcport [!]= <{<supported TCP/UDP port name>|<number>}>]
[srcportend = <{<supported TCP/UDP port name>|<number>}>]
[dstport [!]= <{<supported TCP/UDP port name>|<number>}>]
[dstportend = <{<supported TCP/UDP port name>|<number>}>]
[icmptype [!]= <{<supported ICMP type name> | <number>}>]
[icmpcode [!]= <number{0-15}>]
[icmpcodeend = <number{0-15}>]
[clink = <string>]
[log = <{no | yes}>]
action = <{accept | deny | drop | count}>
NOT applicable if used in a chain assigned to the
NOT applicable if used in a chain assigned to the
Firewall Commands
REQUIRED
OPTIONAL
OPTIONAL
output
hook.
OPTIONAL
output
hook.
165