ZyXEL Communications 10~100 Series 63

ZyWALL 10~100 Series Internet Security Gateway

Chart 10-1 Firewall Commands

FUNCTION			COMMAND
	Config edit		firewall set <set
	#>	connection-timeout <seconds>
	Config edit		firewall set <set
	#>	fin-wait-timeout <seconds>

Config edit firewall set <set #> tcp-idle-timeout <seconds>

Config edit firewall set <set #> log <yes no>

Rules Config edit firewall set <set #> rule <rule #> permit <forward block>

Config edit firewall set <set #> rule <rule #> active <yes no>

Config edit firewall set <set #> rule <rule #> protocol <integer protocol value >

Config edit firewall set <set #> rule <rule #> log <none match not-match both>

DESCRIPTION

This command sets how long ZyWALL waits for a TCP session to be established before dropping the session.

This command sets how long the ZyWALL leaves a TCP session open after the firewall detects a FIN-exchange (indicating the end of the TCP session).

This command sets how long ZyWALL lets an inactive TCP connection remain open before considering it closed.

This command sets whether or not the ZyWALL creates logs for packets that match the firewall’s default rule set.

This command sets whether packets that match this rule are dropped or allowed through.

This command sets whether a rule is enabled or not.

This command sets the protocol specification number made in this rule for ICMP.

This command sets the ZyWALL to log traffic that matches the rule, doesn't match, both or neither.

Firewall Commands

10-5

Contents

Internet Security Gateway Copyright Copyright © 2003 by ZyXEL Communications Corporation Disclaimer Trademarks Notice Certifications Information for Canadian Users Caution Note ZyXEL Limited Warranty NOTE Customer Support Table of Contents Page List of Diagrams List of Charts Page Preface About Your ZyWALL About This User's Manual Related Documentation Syntax Conventions Page Page Page Setting up Your Computer’s IP Address Windows 95/98/Me Page Page Windows 2000/NT/XP Page Page Page Macintosh OS 8/9 Page Macintosh OS Page Page Triangle Route The Ideal Setup The “Triangle Route” Problem The “Triangle Route” Solutions IP Aliasing Gateways on the WAN Side Page The Big Picture Page Wireless LAN and IEEE Benefits of a Wireless LAN Ad-hocWireless LAN Configuration Infrastructure Wireless LAN Configuration Page Wireless LAN With IEEE Security Flaws with IEEE Deployment Issues with IEEE Advantages of the IEEE Page PPPoE PPPoE in Action Benefits of PPPoE Traditional Dial-upScenario How PPPoE Works ZyWALL as a PPPoE Client PPTP What is PPTP How can we transport PPP frames from a PC to a broadband modem over Ethernet PPTP and the ZyWALL PPTP Protocol Overview Control & PPP connections PPP Data Connection Page IP Subnetting IP Addressing IP Classes Subnet Masks Subnetting Example: Two Subnets Page Example: Four Subnets Example Eight Subnets Subnetting With Class A and Class B Networks Page Page Page Command Interpreter Command Syntax Command Usage Page Firewall Commands Page Page Page Page Page Page Page NetBIOS Filter Commands Introduction Display NetBIOS Filter Settings Page NetBIOS Filter Configuration Page Boot Commands Page Log Descriptions Page Page Page Page Page Page Page Page Page VPN/IPSec logs VPN Responder IPSec Log Page Page Page Page Log Commands Log Command Example Brute-ForcePassword Guessing Protection Page Page Page Index