
Chapter 19 Firewall
19.2.1 Firewall Sub-Commands
The following table describes the
Table 58 firewall
COMMAND | DESCRIPTION |
action {allow\|deny\|reject} | Sets the action the NXC takes when packets match this rule. |
[no] activate | Enables a firewall rule. The no command disables the firewall rule. |
[no] ctmatch {dnat\|snat} | Use dnat to block packets sent from a computer on the NXC’s WAN network from being forwarded to an internal network according to a virtual server rule. Use snat to block packets sent from a computer on the NXC’s internal network from being forwarded to the WAN network according to a 1:1 NAT or Many 1:1 NAT rule. The no command forwards the matched packets. |
[no] description description | Sets a descriptive name (up to 60 printable ASCII characters) for a firewall rule. The no command removes the descriptive name from the rule. |
[no] destinationip address_object | Sets the destination IP address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses. |
[no] from zone_object | Sets the zone on which the packets are received. The no command removes the zone on which the packets are received and resets it to the default (any). any means all interfaces or VPN tunnels. |
[no] log [alert] | Sets the NXC to create a log (and optionally an alert) when packets match this rule. The no command sets the NXC not to create a log or alert when packets match this rule. |
[no] schedule schedule_object | Sets the schedule that the rule uses. The no command removes the schedule settings from the rule. |
[no] service service_name | Sets the service to which the rule applies. The no command resets the service settings to the default (any). any means all services. |
[no] sourceip address_object | Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses. |
[no] sourceport {tcp\|udp} {eq <1..65535>\|range <1..65535> <1..65535>} | Sets the source port for a firewall rule. The no command removes the source port from the rule. |
[no] to {zone_object\|EnterpriseWLAN} | Sets the zone to which the packets are sent. The no command removes the zone to which the packets are sent and resets it to the default (any). any means all interfaces. |
[no] user user_name | Sets a activated only when the specified user logs into the system. The no command resets the user name to the default (any). any means all users. |
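A lint check for rule definitions built from the sub-commands in Table 58, as an added example (not from the guide and not Zyxel code): it folds the sub-command lines into the rule's effective state, validates the argument forms the table gives, and flags an active allow rule whose matching criteria all sit at the default any or that creates no log. The sample rules and the object names LAN, WAN, LAN_SUBNET and HTTPS are constructed assumptions.

```python
import re

# Sub-commands in Table 58 that fall back to "any" when unset or removed with "no".
ANY_DEFAULT = ("from", "to", "sourceip", "destinationip", "service", "user")
OTHER = ("sourceport", "description", "ctmatch", "schedule")
SOURCEPORT = re.compile(r"(?:tcp|udp) (?:eq (\d+)|range (\d+) (\d+))$")

def valid_arg(key, arg):
    """Check the argument forms Table 58 gives for the non-matching sub-commands."""
    if key == "sourceport":
        m = SOURCEPORT.match(arg)
        return bool(m) and all(1 <= int(p) <= 65535 for p in m.groups() if p)
    if key == "description":
        return 0 < len(arg) <= 60 and arg.isascii() and arg.isprintable()
    if key == "ctmatch":
        return arg in ("dnat", "snat")
    return key == "schedule" and bool(arg)

def parse_rule(lines):
    """Fold sub-command lines into the rule's effective state; return (state, errors)."""
    state = dict.fromkeys(ANY_DEFAULT, "any")
    state.update(action=None, activate=False, log=False)
    errors = []
    for raw in lines:
        line = raw.strip()
        negate = line.startswith("no ")
        key, _, arg = (line[3:].strip() if negate else line).partition(" ")
        arg = arg.strip()
        if key == "action" and not negate and arg in ("allow", "deny", "reject"):
            state["action"] = arg
        elif key == "activate" and not arg:
            state["activate"] = not negate
        elif key == "log" and arg in ("", "alert"):
            state["log"] = not negate
        elif key in ANY_DEFAULT and (negate or arg):
            state[key] = "any" if negate else arg  # "no" resets to the default
        elif not ((negate and key in OTHER) or valid_arg(key, arg)):
            errors.append(f"invalid sub-command: {line}")
    return state, errors

def audit(lines):
    """Return syntax errors plus findings for an active allow rule left at defaults."""
    state, findings = parse_rule(lines)
    if state["activate"] and state["action"] == "allow":
        if all(state[k] == "any" for k in ANY_DEFAULT):
            findings.append("allow rule matches any zone, address, service and user")
        if not state["log"]:
            findings.append("allow rule creates no log when packets match")
    return findings

# Constructed sample rules (not from the guide); object names are hypothetical.
OPEN_RULE = ["action allow", "sourceport tcp eq 70000", "no service", "activate"]
TIGHT_RULE = ["description LAN web to WAN", "from LAN", "to WAN", "sourceip LAN_SUBNET",
              "service HTTPS", "action allow", "log alert", "activate"]
```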
NXC CLI Reference Guide