firewall Commands
E-DOC-CTC-20071119-0014 v1.0 357
firewall rule add
Add a rule.
SYNTAX:
firewall rule add chain = <chain name>
                  [index = <number>]
                  [name = <string>]
                  [clink = <chain name>]
                  [srcintf [!] = <{wan|local|lan|tunnel|dmz|guest}>]
                  [srcip [!] = <{private|ssdp_ip|mdap_ip}>]
                  [dstintf [!] = <{wan|local|lan|tunnel|dmz|guest}>]
                  [dstip [!] = <{private|ssdp_ip|mdap_ip}>]
                  [serv [!] = <{icmp|igmp|ftp|telnet|http|httpproxy|https|
                      RPC|NBT|SMB|imap|esp|ah|ike|DiffServ|sip|h323|dhcp|
                      rtsp|ssdp_serv|mdap_serv|syslog}>]
                  [log = <{disabled|enabled}>]
                  [state = <{disabled|enabled}>]
                  action = <{accept|deny|drop|reset|count|link}>
where:
chain        The name of the chain which contains the rule. REQUIRED
index        The index of the rule in the chain. OPTIONAL
name         The name of the new rule. OPTIONAL
clink        The name of the chain to be parsed when this rule applies. OPTIONAL
srcintf [!]  The name of the source interface expression. If a value is preceded by a “!”, it means NOT. OPTIONAL
srcip [!]    The name of the source ip expression. If a value is preceded by a “!”, it means NOT. OPTIONAL
dstintf [!]  The name of the destination interface expression. If a value is preceded by a “!”, it means NOT. OPTIONAL
dstip [!]    The name of the destination ip expression. If a value is preceded by a “!”, it means NOT. OPTIONAL
serv [!]     The name of the service expression. If a value is preceded by a “!”, it means NOT. OPTIONAL
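
As an added example (not part of the original guide or of the device software), the Python function below checks a firewall rule add command line against the SYNTAX block above before it is sent to a device, reporting unknown parameters, unlisted values, misplaced negation and missing required parameters. Assumptions: the "!" is written directly before the value (for example srcintf=!wan), only the values listed on this page are accepted, and the names check_rule_add and test_chain are made up for the example.

```python
import shlex

# Value sets copied from the SYNTAX block above.
INTF = {"wan", "local", "lan", "tunnel", "dmz", "guest"}
IP = {"private", "ssdp_ip", "mdap_ip"}
SERV = {"icmp", "igmp", "ftp", "telnet", "http", "httpproxy", "https", "RPC",
        "NBT", "SMB", "imap", "esp", "ah", "ike", "DiffServ", "sip", "h323",
        "dhcp", "rtsp", "ssdp_serv", "mdap_serv", "syslog"}
ONOFF = {"disabled", "enabled"}
ACTION = {"accept", "deny", "drop", "reset", "count", "link"}

# parameter -> (allowed values, or None for free text; may "!" precede the value)
PARAMS = {
    "chain": (None, False), "index": (None, False),
    "name": (None, False), "clink": (None, False),
    "srcintf": (INTF, True), "srcip": (IP, True),
    "dstintf": (INTF, True), "dstip": (IP, True), "serv": (SERV, True),
    "log": (ONOFF, False), "state": (ONOFF, False), "action": (ACTION, False),
}
# chain is marked REQUIRED; action is the only other unbracketed parameter.
REQUIRED = ("chain", "action")

# Constructed sample line (not from the guide); the chain name is made up.
SAMPLE = "firewall rule add chain=test_chain srcintf=!wan serv=http action=accept"

def check_rule_add(line):
    """Return (rule, errors); rule maps parameter -> (negated, value)."""
    tokens = shlex.split(line)
    if tokens[:3] != ["firewall", "rule", "add"]:
        return {}, ["not a 'firewall rule add' command"]
    rule, errors = {}, []
    for tok in tokens[3:]:
        key, sep, value = tok.partition("=")
        if not sep or key not in PARAMS:
            errors.append(f"unknown or malformed parameter: {tok}")
            continue
        allowed, may_negate = PARAMS[key]
        negated = value.startswith("!")
        if negated:
            value = value[1:]
            if not may_negate:
                errors.append(f"{key}: '!' is not allowed here")
        if key == "index" and not value.isdigit():
            errors.append(f"index: expected a number, got {value!r}")
        elif allowed is not None and value not in allowed:
            errors.append(f"{key}: {value!r} is not a listed value")
        rule[key] = (negated, value)
    errors += [f"{k}: required parameter missing" for k in REQUIRED if k not in rule]
    return rule, errors
```

An empty error list means the line matches the syntax shown on this page; it does not mean the named chain exists on the device.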