Chapter 3. Command Reference

remove id

deletes a firewall rule.

update id

updates or creates a firewall rule with the specified ID. When a new rule is created, permit, block, or web-filter must be specified.

authentication <disable|any|group name>

enables or disables authentication.

bandwidth <disable|<rule|session> guaranteed kbps max kbps pri pri>

restricts the bandwidth.

comment “description”

stores a comment for the rule.

counter-clear

clears counters for the rule.

dst-addr <all|group name|subnet ip netmask mask|range ip1 ip2>

restricts destination addresses in the specified IP range.

logging <enable|disable>

enables or disables logging for the rule.

<permit|block|web-filter> src-zone dst-zone service

Required for a new rule. The variables src-zone and dst-zone can be this-device to indicate the local device.

position position

the rule is placed in the specified position.

remote-logging <enable|disable>

enables or disables remote logging for the rule.

schedule <always|name>

schedules execution of the rule, either always or according to a named schedule.

src-addr <all|group name|subnet ip netmask mask|range ip1 ip2>

restricts source addresses in the specified IP range.

timeout mins

specifies a timeout interval in minutes for the rule.

Using conf t firewall rule

create/update firewall rule

Use configure terminal firewall rule update to create or update a firewall rule. In this example, firewall rule 10 is created as a “permit” rule for LAN to WAN and for telnet service only:

46 X Family CLI Reference V 2.5.1