Firewall Interface Commands
16-130 Configuring Security
Example
ThefollowingexampledisablesthefirewallonFastEthernetport2only:
XSR(config-if<F2>)#ip firewall disable

ip firewall ip-broadcast

Thiscommandallowsincoming/outgoingIPpacketsthroughthefirewallwith255.255.255.255set
asthedestinationaddress.ItenablesbroadcastprotocolssuchasDHCPtotraversethefirewall.
Syntax
ip firewall ip-broadcast {in | out | both}
Syntax of the “no” Form
Thenoformofthiscommanddeniestheselectedbroadcastpackets:
no ip firewall ip-broadcast {in | out | both}
Default
IPbroadcastpacketsarenotallowedinboundandoutbound.
Mode
Interfaceconfiguration:XSR(config-if<xx>)#
Example
Theexamplebelowallowsbroadcastfilteringonoutgoingpacketsonly:
XSR(config-if<F2>)#ip firewall ip-broadcast out

ip firewall ip-multicast

Thiscommandallowsincoming/outgoingIPpacketswithamulticastdestinationaddressthrough
thefirewall.ItenablesmulticastprotocolssuchasRIPandOSPFtotraversethefirewall.
Syntax
ip firewall ip-multicast {in | out | both}
Syntax of the “no” Form
Thenoformofthiscommanddeniestheselectedmulticastpackets:
in or out Allowspacketstoenterorexittheinterface.
both Allowspacketstoenterandexittheinterface.
in or out Allowspacketstoenterorexittheinterface.
both Allowspacketstoenterandexittheinterface.