Firewall Interface Commands: ip firewall disable – Enterasys Networks X-Pedition XSR CLI User Manual

Firewall Interface Commands

XSR CLI Reference Guide 16-129

Examples

The following examples configure valid inputs:

ip firewall url-load-black-list blacklist.txt
ip firewall url-load-black-list flash:blacklist.txt
ip firewall url-load-white-list cflash:whitelist.txt

Firewall Interface Commands

ip firewall disable

This command disables firewall operation on a particular interface, independently of the global 
firewall setting. The Global and Interface mode settings are configured separately but interact as 
follows:

The system‐level firewall is disabled by default.

The interface‐level firewall is enabled by default unless explicitly disabled.

If the firewall is enabled, packet inspection will occur on all interfaces that have the firewall 
enabled at the interface level.

A particular interface may be enabled, but subsequently disabling the firewall globally 
overrides all enabled interfaces.

If you enable the firewall globally, all interfaces will be enabled until you subsequently disable 
a particular interface.

Enable displays in running-config, but not disable.

Even if you have not configured the firewall, entering ip firewall enable will turn on packet inspection.

Syntax

ip firewall disable

Syntax of the “no” Form

The no form of this command enables the firewall on a selected interface:

no ip firewall disable

Default

Enabled

Mode

Interface configuration: 

XSR(config-if<xx>)#

Note: With the firewall enabled, source address validation (HostDoS checkspoof) is also enabled.
This service can improve security in some situations, but it can erroneously discard valid packets
where inbound and outbound paths differ, and it can negatively impact some routing protocols.
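
The precedence rules above can be checked against a saved configuration. The following is an added example, not part of the manual: it computes which interfaces are actually inspected (and therefore, per the note, also subject to source address validation). The running-config layout, the function name and the interface names in the sample are assumptions.

```python
# Added example: effective firewall state per interface, from the rules above.
# Assumed running-config layout (not taken from the manual): "interface <name>"
# opens a stanza, "!" closes it, and an interface-level "ip firewall disable"
# is listed inside that stanza.

def effective_firewall_state(running_config: str) -> dict:
    """Map each interface name to True if packet inspection applies to it."""
    global_enabled = False    # system-level firewall is disabled by default
    disabled_ifaces = set()   # interfaces carrying "ip firewall disable"
    interfaces = []
    current = None            # interface stanza being read, if any

    for raw in running_config.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if line.startswith("interface "):
            current = line[len("interface "):]
            interfaces.append(current)
        elif line == "!":
            current = None
        elif line == "ip firewall enable":
            global_enabled = True
        elif line == "ip firewall disable":
            if current is None:
                global_enabled = False         # global form
            else:
                disabled_ifaces.add(current)   # interface form
        elif line == "no ip firewall disable" and current is not None:
            disabled_ifaces.discard(current)

    # Inspection needs the global switch on AND no interface-level disable;
    # a global disable overrides every interface.
    return {name: global_enabled and name not in disabled_ifaces
            for name in interfaces}

# Constructed sample configuration (interface names are illustrative).
SAMPLE = """\
ip firewall enable
!
interface FastEthernet 1
 ip address 192.0.2.1 255.255.255.0
!
interface FastEthernet 2
 ip address 198.51.100.1 255.255.255.0
 ip firewall disable
!
"""

if __name__ == "__main__":
    for name, inspected in effective_firewall_state(SAMPLE).items():
        print(f"{name}: inspection={'on' if inspected else 'off'}")
```

An interface reported as inspected is the place to look first when asymmetric routing causes valid packets to be dropped by source address validation.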
