Firewall allow, Mgmt class, Input format – Efficient Networks 107-0001-000 User Manual

Page 469: Parameters, Firewall allow -3


Efficient Networks® Router family

Command Line Interface Guide

Chapter 18: Stateful Firewall Commands


firewall allow

Creates a firewall rule that will be added to the firewall allow rules list. To view the
current allow firewall rules, use the firewall list command.

NOTE: If NAT is enabled on the router, outgoing firewall rules should be specified in
terms of the private addresses. Inbound rules, however, need to use the router's WAN
address.

Mgmt Class

Security (R/W)

Input Format

firewall allow <protocol | application> [<parameters>]

Parameters

The following parameters specify the <protocol> (-p) or <application> (-a)
characteristics that a packet must have in order to match the firewall rule:

-p tcp | udp | icmp | <protocol number> (a)

The packet must have the specified protocol.

(a) Integer, numerical protocol ID.

-a imap | telnet | bootp | nntp | rpc | tftp | smtp | dns | ftp |
rexec | rsh | rlogin | syslog | winframe | rdp | http | https | ntp |
smb | ras | realaudio | netmeeting | aolim | quicktime | cuseeme |
netshow | pptp | nfs | nis | traceroute | sqlnet | ipsec

Packets must match the assigned application characteristics.

The following <parameters> specify additional characteristics that an IP packet must
have in order to match the firewall rule.

-sp <ICMP type> | <first source port>[:<last source port>]

If the protocol is ICMP, the packet must match the specified ICMP type. If the packet
is TCP or UDP and only one source port is specified, the packet must have that source
port; if a range is defined, the packet's source port must be within the specified
range. If no source port is specified, the firewall rule matches any source port in the
range 0 - 65535.

-dp <ICMP code> | <first dest port>[:<last dest port>]

If the protocol is ICMP, the packet must match the specified ICMP code. If the packet
is TCP or UDP and only one port is specified, the packet must have that destination
port; if a range is defined, the packet's destination port must be within the specified
range. If no destination port is specified, the firewall rule matches any destination
port in the range 0 - 65535.

-da <first dest ip addr>[:<last dest ip addr>]
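The -p, -sp and -dp matching described above can be modelled offline when reviewing a rule list. The following is an added example, not code from the manual or the router firmware. The function names, the packet dictionary layout, the rejection of ranges for ICMP and the treatment of an omitted ICMP type or code as "any" are assumptions, and only -p, -sp and -dp are modelled.

```python
import shlex

PROTO = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA protocol numbers

def parse_range(text):
    """'443' -> (443, 443); '1024:65535' -> (1024, 65535)."""
    first, _, last = text.partition(":")
    lo, hi = int(first), int(last or first)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad range: {text}")
    return lo, hi

def parse_rule(line):
    """Parse 'firewall allow -p <proto> [-sp ...] [-dp ...]' (other options unsupported)."""
    tokens = shlex.split(line)
    opts = dict(zip(tokens[2::2], tokens[3::2]))
    if tokens[:2] != ["firewall", "allow"] or len(tokens) % 2 or "-p" not in opts:
        raise ValueError(f"malformed rule: {line}")
    if set(opts) - {"-p", "-sp", "-dp"}:
        raise ValueError(f"option not modelled here: {line}")
    name = opts["-p"].lower()
    rule = {"proto": PROTO.get(name) or int(name)}
    for key in ("-sp", "-dp"):
        value = opts.get(key, "0:65535")   # omitted means any value
        if rule["proto"] == 1 and key in opts and ":" in value:
            raise ValueError("ICMP type/code is a single value, not a range")
        rule[key] = parse_range(value)
    return rule

def matches(rule, pkt):
    """pkt is a hypothetical dict: proto plus sport/dport or icmp_type/icmp_code."""
    if pkt["proto"] != rule["proto"]:
        return False
    if rule["proto"] == 1:                 # -sp is the ICMP type, -dp the ICMP code
        sp, dp = pkt["icmp_type"], pkt["icmp_code"]
    elif rule["proto"] in (6, 17):         # TCP/UDP: real port numbers
        sp, dp = pkt["sport"], pkt["dport"]
    else:
        return True                        # page defines -sp/-dp only for ICMP/TCP/UDP
    return rule["-sp"][0] <= sp <= rule["-sp"][1] and rule["-dp"][0] <= dp <= rule["-dp"][1]

if __name__ == "__main__":
    # Constructed sample rules and packets
    https = parse_rule("firewall allow -p tcp -dp 443")
    ping = parse_rule("firewall allow -p icmp -sp 8 -dp 0")
    print(matches(https, {"proto": 6, "sport": 50000, "dport": 443}))   # True
    print(matches(ping, {"proto": 1, "icmp_type": 3, "icmp_code": 0}))  # False
```

Running a rule through this model before entering it makes it easy to see when a missing -sp or -dp leaves the full 0 - 65535 range open.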
