E-DOC-CTC-20061027-0003v2.0
Firewall Commands
EXAMPLE:
=>firewall rule list
Rules (flags: C=Constant, D=Dynamic, E=Enable, L=Log)
=====
Chain                   Nr.  Flags  Rule
---------------------------------------------------------------------------------------
sink                    1    CDE                    : link sink_fire
                        2    CDE                    : link sink_system_service
sink_fire               1    C E    SSDP            : accept ssdp_serv lan.* > *.ssdp_ip
sink_system_service     1    CDE    HTTPI           : accept HTTPI_sv_0 HTTPI_if_0.* > *.*
                        2     DE    PING_RESPONDER  : accept PING_RESPONDER_sv_0 PING_RESPONDER_if_0.* > *.*
                        3    CD     SENDTO_LISTEN   : accept SENDTO_LISTEN_sv_0 *.* > *.*
                        4     D     ICMP_LISTEN     : accept ICMP_LISTEN_sv_0 *.* > *.*
                        5    CD     SRAS            : accept SRAS_sv_0 *.* > *.*
                        6    CD     RAS             : accept RAS_sv_0 *.* > *.*
                        7    CDE    MDAP            : accept MDAP_sv_0 *.* > *.*
                        8    CDE    SNMP_AGENT      : accept SNMP_AGENT_sv_0 SNMP_AGENT_if_0.* > *.*
                        9    CD     DHCP-S          : accept DHCP-S_sv_0 *.* > *.*
                        10   CDE    DHCP-R          : accept DHCP-R_sv_0 DHCP-R_if_0.* > *.*
                        11   CDE    DNS-S           : accept DNS-S_sv_0 DNS-S_if_0.* > *.*
                        12   CD     RIP-Query       : accept RIP-Query_sv_0 *.* > *.*
                        13   CDE    RIP             : accept RIP_sv_0 *.* > *.*
                        14   CDE    TELNET          : accept TELNET_sv_0 TELNET_if_0.* > *.*
                        15   CDE    FTP             : accept FTP_sv_0 FTP_if_0.* > *.*
                        16   CDE    HTTPs           : accept HTTPs_sv_0 HTTPs_if_0.* > *.*
                        17   CDE    HTTP            : accept HTTP_sv_0 HTTP_if_0.* > *.*
forward                 1    CDE                    : link forward_fire
                        2    CDE                    : link forward_host_service
                        3    CDE                    : link forward_level
forward_level           1    CDE                    : link forward_level_Disabled
forward_level_Disabled  1    C E    AnyTraffic      : accept *.* > *.*
source                  1    CDE                    : link source_fire
source_fire             1    C E    AnyTraffic      : accept *.* > *.*
=>
=>firewall rule list format=cli
:firewall rule add chain=sink_fire index=1 name=SSDP srcintf=lan dstip=ssdp_ip serv=ssdp_serv
| log=disabled state=enabled action=accept
:firewall rule add chain=source_fire index=1 name=AnyTraffic log=disabled state=enabled
| action=accept
:firewall rule add chain=forward_level_BlockAll index=1 name=AnyTraffic log=disabled state=enabled
| action=drop
:firewall rule add chain=forward_level_Standard index=1 name=FromLAN srcintf=lan log=disabled
| state=enabled action=accept
:firewall rule add chain=forward_level_Disabled index=1 name=AnyTraffic log=disabled state=enabled
| action=accept
=>
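
An added example, not part of the original guide: a Python script that parses the format=cli listing above, rejoining the "|" continuation lines, and reports enabled accept rules that carry no match selector at all. It assumes that any key other than chain, index, name, log, state and action narrows what a rule matches; the sample text is the listing above with its wrapped lines rejoined.

```python
# Constructed sample: the format=cli listing from this page, wrapped lines rejoined.
SAMPLE = """\
:firewall rule add chain=sink_fire index=1 name=SSDP srcintf=lan dstip=ssdp_ip serv=ssdp_serv
| log=disabled state=enabled action=accept
:firewall rule add chain=source_fire index=1 name=AnyTraffic log=disabled state=enabled
| action=accept
:firewall rule add chain=forward_level_BlockAll index=1 name=AnyTraffic log=disabled state=enabled
| action=drop
:firewall rule add chain=forward_level_Standard index=1 name=FromLAN srcintf=lan log=disabled
| state=enabled action=accept
:firewall rule add chain=forward_level_Disabled index=1 name=AnyTraffic log=disabled state=enabled
| action=accept
"""

# Assumption: these keys only describe the rule; every other key (srcintf,
# dstip, serv, ...) is treated as a selector that narrows what it matches.
BOOKKEEPING = {"chain", "index", "name", "log", "state", "action"}

def parse_rules(text):
    """Rejoin '|' continuation lines and return one dict per 'firewall rule add'."""
    commands = []
    for line in text.splitlines():
        line = line.strip()
        if line.startswith("|") and commands:
            commands[-1] += " " + line[1:].strip()
        elif line.startswith(":"):
            commands.append(line[1:])
    rules = []
    for cmd in commands:
        words = cmd.split()
        if words[:3] != ["firewall", "rule", "add"]:
            continue
        rules.append(dict(w.split("=", 1) for w in words[3:] if "=" in w))
    return rules

def unrestricted_accepts(rules):
    """Enabled accept rules that carry no match selector at all."""
    return [
        (r["chain"], r["name"])
        for r in rules
        if r.get("action") == "accept"
        and r.get("state") == "enabled"
        and not (set(r) - BOOKKEEPING)
    ]

if __name__ == "__main__":
    for chain, name in unrestricted_accepts(parse_rules(SAMPLE)):
        print(f"{chain}: rule {name!r} accepts all traffic")
```

Of the two chains it reports, forward_level_Disabled is the one the first listing shows linked from forward_level, so on that device the forward chain ends in an accept-all rule.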