ZyWALL 5/35/70 Series User’s Guide

Table 271 Firewall Commands (continued)

| FUNCTION | COMMAND | DESCRIPTION |
|---|---|---|
| | `Config edit firewall set <set #> tcp-idle-timeout <seconds>` | This command sets how long ZyWALL lets an inactive TCP connection remain open before considering it closed. |
| | `Config edit firewall set <set #> log <yes no>` | This command sets whether or not the ZyWALL creates logs for packets that match the firewall’s default rule set. |
| Rules | `Config edit firewall set <set #> rule <rule #> permit <forward block>` | This command sets whether packets that match this rule are dropped or allowed through. |
| | `Config edit firewall set <set #> rule <rule #> active <yes no>` | This command sets whether a rule is enabled or not. |
| | `Config edit firewall set <set #> rule <rule #> protocol <integer protocol value>` | This command sets the protocol specification number made in this rule for ICMP. |
| | `Config edit firewall set <set #> rule <rule #> log <none match not-match both>` | This command sets the ZyWALL to log traffic that matches the rule, doesn't match, both or neither. |
| | `Config edit firewall set <set #> rule <rule #> alert <yes no>` | This command sets whether or not the ZyWALL sends an alert e-mail when a DOS attack or a violation of a particular rule occurs. |
| | `config edit firewall set <set #> rule <rule #> srcaddr-single <ip address>` | This command sets the rule to have the ZyWALL check for traffic with this individual source address. |
| | `config edit firewall set <set #> rule <rule #> srcaddr-subnet <ip address> <subnet mask>` | This command sets a rule to have the ZyWALL check for traffic from a particular subnet (defined by IP address and subnet mask). |
| | `config edit firewall set <set #> rule <rule #> srcaddr-range <start ip address> <end ip address>` | This command sets a rule to have the ZyWALL check for traffic from this range of addresses. |
| | `config edit firewall set <set #> rule <rule #> destaddr-single <ip address>` | This command sets the rule to have the ZyWALL check for traffic with this individual destination address. |
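The following is an added example, not part of the User's Guide: a small Python helper that assembles the rule commands from this table for one rule and rejects malformed source selectors before anything is typed into the device. It assumes the bracketed lists such as `<forward block>` and `<yes no>` are alternatives of which one is given; the function names, the set and rule numbers, the command order and the 192.0.2.0 addresses are constructed for illustration.

```python
import ipaddress

LOG_MODES = ("none", "match", "not-match", "both")

def source_selector(kind, *args):
    """Return the srcaddr-* argument text for one source match."""
    if kind == "single":
        (addr,) = args
        return f"srcaddr-single {ipaddress.IPv4Address(addr)}"
    if kind == "subnet":
        addr, mask = args
        # Rejects non-contiguous masks and addresses with host bits set.
        net = ipaddress.IPv4Network(f"{addr}/{mask}")
        return f"srcaddr-subnet {net.network_address} {net.netmask}"
    if kind == "range":
        start, end = (ipaddress.IPv4Address(a) for a in args)
        if start > end:
            raise ValueError("range start is higher than range end")
        return f"srcaddr-range {start} {end}"
    raise ValueError(f"unknown source kind: {kind!r}")

def build_rule(set_no, rule_no, action, source, log="match", alert=False):
    """Return the command lines for one rule, enabling it last."""
    if action not in ("forward", "block"):
        raise ValueError("action must be 'forward' or 'block'")
    if log not in LOG_MODES:
        raise ValueError(f"log must be one of {LOG_MODES}")
    prefix = f"config edit firewall set {int(set_no)} rule {int(rule_no)} "
    return [
        prefix + f"permit {action}",
        prefix + source_selector(*source),
        prefix + f"log {log}",
        prefix + f"alert {'yes' if alert else 'no'}",
        prefix + "active yes",  # assumption: enable only once fully defined
    ]

if __name__ == "__main__":
    # Constructed values: set 1, rule 3, documentation subnet 192.0.2.0/24.
    for line in build_rule(1, 3, "block",
                           ("subnet", "192.0.2.0", "255.255.255.0"), alert=True):
        print(line)
```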


Appendix N Firewall Commands