ZyXEL Communications 10~100 Series 62

ZyWALL 10~100 Series Internet Security Gateway

Chart 10-1 Firewall Commands

FUNCTIONCOMMAND

config edit firewall attack minute-low <0-255>

config edit firewall attack max-incomplete-high <0-255>

config edit firewall attack max-incomplete-low <0-255>

config edit firewall attack tcp-max-incomplete <0-255>

Sets config edit firewall set <set #> name <desired name>

Config edit firewall set <set #> default-permit <forward block>

Config edit firewall set <set #> icmp-timeout <seconds>

Config edit firewall set <set #> udp-idle-timeout <seconds>

DESCRIPTION

This command sets the threshold of half-open sessions where the ZyWALL stops deleting half-opened sessions.

This command sets the threshold of half-open sessions where the ZyWALL starts deleting old half-opened sessions until it gets them down to the max incomplete low.

This command sets the threshold where the ZyWALL stops deleting half-opened sessions.

This command sets the threshold of half-open TCP sessions with the same destination where the ZyWALL starts dropping half-open sessions to that destination.

This command sets a name to identify a specified set.

This command sets whether a packet is dropped or allowed through, when it does not meet a rule within the set.

This command sets the time period to allow an ICMP session to wait for the ICMP response.

This command sets how long a UDP connection is allowed to remain inactive before the ZyWALL considers the connection closed.

10-4	Firewall Commands

Contents

Internet Security Gateway Copyright Copyright © 2003 by ZyXEL Communications Corporation Disclaimer Trademarks Notice Certifications Information for Canadian Users Caution Note ZyXEL Limited Warranty NOTE Customer Support Table of Contents Page List of Diagrams List of Charts Page Preface About Your ZyWALL About This User's Manual Related Documentation Syntax Conventions Page Page Page Setting up Your Computer’s IP Address Windows 95/98/Me Page Page Windows 2000/NT/XP Page Page Page Macintosh OS 8/9 Page Macintosh OS Page Page Triangle Route The Ideal Setup The “Triangle Route” Problem The “Triangle Route” Solutions IP Aliasing Gateways on the WAN Side Page The Big Picture Page Wireless LAN and IEEE Benefits of a Wireless LAN Ad-hocWireless LAN Configuration Infrastructure Wireless LAN Configuration Page Wireless LAN With IEEE Security Flaws with IEEE Deployment Issues with IEEE Advantages of the IEEE Page PPPoE PPPoE in Action Benefits of PPPoE Traditional Dial-upScenario How PPPoE Works ZyWALL as a PPPoE Client PPTP What is PPTP How can we transport PPP frames from a PC to a broadband modem over Ethernet PPTP and the ZyWALL PPTP Protocol Overview Control & PPP connections PPP Data Connection Page IP Subnetting IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Page Page Command Interpreter Command Syntax Command Usage Page Firewall Commands Page Page Page Page Page Page Page NetBIOS Filter Commands Introduction Display NetBIOS Filter Settings Page NetBIOS Filter Configuration Page Boot Commands Page Log Descriptions Page Page Page Page Page Page Page Page Page VPN/IPSec logs VPN Responder IPSec Log Page Page Page Page Log Commands Log Command Example Brute-ForcePassword Guessing Protection Page Page Page Index