Chapter 20 Application Patrol

Table 83 app Commands: Rules in Pre-Defined Applications (continued)

| COMMAND | DESCRIPTION |
| --- | --- |
| app protocol_name rule default<br>or<br>app protocol_name rule modify default | Enters sub-command mode for editing the default rule for the application. See Table 84 on page 165 for the sub-commands. |
| no app protocol_name rule rule_number | Deletes the specified rule. |

20.2.2.1 Rule Sub-commands

The following table describes the sub-commands for several application patrol rule commands. Note that not all rule commands use all the sub-commands listed here.

Table 84 app protocol rule Sub-commands

| COMMAND | DESCRIPTION |
| --- | --- |
| access {forward \| drop \| reject} | Specifies the action when traffic matches the rule. |
| [no] action-block {login \| message \| audio \| video \| file-transfer} | Blocks use of a specific feature. |
| [no] activate | Turns on this rule. The no command turns off this rule. |
| bandwidth {inbound \| outbound} <0..1048576> | Limits inbound or outbound bandwidth, in kilobits per second. 0 disables bandwidth management for traffic matching this rule. |
| [no] bandwidth excess-usage | Enables maximize bandwidth usage, which lets the traffic matching this policy “borrow” any unused bandwidth on the outgoing interface. |
| bandwidth priority <1..7> | Sets the priority for traffic that matches this rule. The smaller the number, the higher the priority. |
| [no] destination profile_name | Adds the specified destination address to the rule. |
| [no] from zone_name | Specifies the source zone. |
| [no] inbound-dscp-mark {<0..63> \| class {default \| dscp_class}} | This is how the ZyWALL handles the DSCP value of the outgoing packets to a connection’s initiator that match this policy. Enter a DSCP value to have the ZyWALL apply that DSCP value. Set this to the class default to have the ZyWALL set the DSCP value to 0. |
| [no] log [alert] | Creates log entries (and alerts) for traffic that matches the rule. The no command does not create any log entries. |
| [no] outbound-dscp-mark {<0..63> \| class {default \| dscp_class}} | This is how the ZyWALL handles the DSCP value of the outgoing packets from a connection’s initiator that match this policy. Enter a DSCP value to have the ZyWALL apply that DSCP value. Set this to the class default to have the ZyWALL set the DSCP value to 0. |
| port <0..65535> | Specifies the destination port. 0 means any. |
| [no] schedule profile_name | Adds the specified schedule to the rule. |
| show | Displays the rule’s configuration. |
| [no] source profile_name | Adds the specified source address to the rule. |
| [no] to zone_name | Specifies the destination zone. |
| [no] user username | Adds the specified user to the rule. |
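
The following is an added example, not part of the ZyWALL guide: a Python check that validates rule sub-command lines against the access actions and numeric ranges listed in Table 84, and flags forwarding rules that have logging off or use port 0 (any). The one-sub-command-per-line input format, the name `lint_rule`, the two review checks and the sample rule are assumptions of this example.

```python
# Added example: lint application patrol rule sub-commands against Table 84.
RANGES = {  # numeric limits as printed in Table 84
    ("bandwidth", "inbound"): (0, 1048576),
    ("bandwidth", "outbound"): (0, 1048576),
    ("bandwidth", "priority"): (1, 7),
    ("inbound-dscp-mark",): (0, 63),
    ("outbound-dscp-mark",): (0, 63),
    ("port",): (0, 65535),
}
ACCESS_ACTIONS = {"forward", "drop", "reject"}


def lint_rule(text):
    """Return findings for one rule written as one sub-command per line."""
    findings = []
    access, port, logged = None, None, False
    for lineno, raw in enumerate(text.splitlines(), 1):
        words = raw.split()
        negated = bool(words) and words[0] == "no"
        words = words[1:] if negated else words
        if not words:
            continue
        if words[0] == "access":
            access = words[1] if len(words) > 1 else None
            if access not in ACCESS_ACTIONS:
                findings.append(f"line {lineno}: unknown access action {access!r}")
        elif words[0] == "log":
            logged = not negated
        for key, (low, high) in RANGES.items():
            if tuple(words[:len(key)]) != key or negated:
                continue
            value = words[len(key)] if len(words) > len(key) else ""
            if value == "class":  # DSCP class form, not a number
                continue
            if not value.isdecimal() or not low <= int(value) <= high:
                findings.append(f"line {lineno}: {' '.join(key)} {value!r} outside {low}..{high}")
            elif key == ("port",):
                port = int(value)
    # Review policy assumed by this example, not device behaviour:
    if access == "forward" and not logged:
        findings.append("rule forwards traffic without logging enabled")
    if access == "forward" and port == 0:
        findings.append("rule forwards traffic on port 0 (any destination port)")
    return findings


# Constructed sample rule, not taken from a device.
SAMPLE_RULE = "access forward\nbandwidth inbound 2000000\nbandwidth priority 0\nport 0\nno log\n"
print("\n".join(lint_rule(SAMPLE_RULE)))
```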

 

165

ZyWALL (ZLD) CLI Reference Guide