Chapter 16 Firewall
16.2.1 Firewall Sub-Commands
The following table describes the
Table 67 firewall
COMMAND | DESCRIPTION |
action {allow\|deny\|reject} | Sets the action the ZyWALL takes when packets match this rule. |
[no] activate | Enables a firewall rule. The no command disables the firewall rule. |
[no] ctmatch {dnat \| snat} | Use dnat to block packets sent from a computer on the ZyWALL’s WAN network from being forwarded to an internal network according to a virtual server rule. Use snat to block packets sent from a computer on the ZyWALL’s internal network from being forwarded to the WAN network according to a 1:1 NAT or Many 1:1 NAT rule. The no command forwards the matched packets. |
[no] description description | Sets a descriptive name (up to 60 printable ASCII characters) for a firewall rule. The no command removes the descriptive name from the rule. |
[no] destinationip address_object | Sets the destination IP address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses. |
[no] destinationip6 address_object | Sets the destination IPv6 address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses. |
[no] from zone_object | Sets the zone on which the packets are received. The no command removes the zone on which the packets are received and resets it to the default (any) meaning all interfaces or VPN tunnels. |
[no] log [alert] | Sets the ZyWALL to create a log (and optionally an alert) when packets match this rule. The no command sets the ZyWALL not to create a log or alert when packets match this rule. |
[no] schedule schedule_object | Sets the schedule that the rule uses. The no command removes the schedule settings from the rule. |
[no] service service_name | Sets the service to which the rule applies. The no command resets the service settings to the default (any). any means all services. |
[no] sourceip address_object | Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses. |
[no] sourceip6 address_object | Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses. |
[no] sourceport {tcp\|udp} {eq <1..65535>\|range <1..65535> <1..65535>} | Sets the source port for a firewall rule. The no command removes the source port from the rule. |
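
The following Python example is added here and is not from the ZyWALL guide: it folds a rule's sub-command lines into its effective settings, applying the any defaults from the table above, and flags enabled allow rules that are unrestricted or unlogged. The rule names, zone names and address/service object names are constructed, and treating a rule with no activate line as enabled is an assumption.

```python
# Added example; rule, zone and object names below are constructed samples.

# Fields the table says default to "any" when unset or reset with "no".
ANY_DEFAULTS = ("from", "sourceip", "destinationip", "service")

def parse_rule(lines):
    """Fold one rule's sub-command lines into its effective settings."""
    rule = {field: "any" for field in ANY_DEFAULTS}
    # Assumption: no "activate" line means enabled, so the rule is still audited.
    rule.update(action=None, active=True, log=False)
    for line in lines:
        words = line.split()
        negated = bool(words) and words[0] == "no"
        words = words[1:] if negated else words
        if not words:
            continue
        cmd, args = words[0], words[1:]
        if cmd == "activate":
            rule["active"] = not negated
        elif cmd == "log":              # covers "log" and "log alert"
            rule["log"] = not negated
        elif cmd == "action" and args:
            rule["action"] = args[0]
        elif cmd in ANY_DEFAULTS:       # "no <field>" resets to any
            rule[cmd] = "any" if negated or not args else args[0]
    return rule

def audit(rule):
    """Return findings for an enabled allow rule; disabled rules match nothing."""
    findings = []
    if not rule["active"] or rule["action"] != "allow":
        return findings
    if all(rule[field] == "any" for field in ANY_DEFAULTS):
        findings.append("allow rule matches any zone, source, destination and service")
    if not rule["log"]:
        findings.append("allow rule does not log matches")
    return findings

RULES = {
    "wide-open": ["action allow", "no log", "activate"],
    "retired": ["action allow", "no activate"],
    "lan-web": ["from LAN1", "sourceip LAN1_SUBNET", "service HTTP",
                "action allow", "log", "activate"],
    "reset-src": ["from WAN", "sourceip PARTNER_NET", "no sourceip",
                  "service HTTPS", "action allow", "log alert", "activate"],
}

for name, lines in RULES.items():
    print(name, audit(parse_rule(lines)))
```
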
ZyWALL (ZLD) CLI Reference Guide