Firewall Interface Commands
XSR CLI Reference Guide 16-129
Examples
Thefollowingexamplesconfigurevalidinputs:
ip firewall url-load-black-list blacklist.txt
ip firewall url-load-black-list flash:blacklist.txt
ip firewall url-load-white-list cflash:whitelist.txt

Firewall Interface Commands

ip firewall disable

Thiscommanddisablesfirewalloperationonaparticularinterfacediscretefromitsapplication
globally.ThecommandbehavesseparatelyandinteractivelyatGlobalandInterfacemodesas
follows:
•Thesystemlevelfirewallisdisabledbydefault.
•Theinterfacelevelfirewallisenabledbydefaultunlessexplicitlydisabled.
•Ifthefirewallisenabled,packetinspectionwilloccuronallinterfacesthathavethefirewall
enabledattheinterfacelevel.
•Aparticularinterfacemaybeenabledbutsubsequentlydisablingthefirewallglobally
overridesallenabledinterfaces
•Ifyouenablethefirewallglobally,allinterfaceswillbeenableduntilyousubsequentlydisable
aparticularinterface
Enabledisplaysinrunning-config,butnotdisable
•Evenifyouhavenotconfiguredthefirewall,entering ip firewall enablewillturnon
packetinspection.
Syntax
ip firewall disable
Syntax of the “no” Form
Thenoformofthiscommandenablesthefirewallonaselectedinterface:
no ip firewall disable
Default
Enabled
Mode
Interfaceconfiguration:XSR(config-if<xx>)#
Note: With the firewall enabled, source address validation (HostDoS checkspoof) is also enabled.
This service can improve security in some situations but erroneously discard valid packets in
situations where inbound and outbound paths differ as well as negatively impact some routing
protocols.