ZyXEL Communications 10 User Manual

ZyWALL 10~100 Series Internet Security Gateway

58

Firewall

Commands

Chart N-1 Firewall Commands

FUNCTION

COMMAND

DESCRIPTION

A

A

t

t

t

t

a

a

c

c

k

k

config edit firewall attack send-

alert <yes | no>

This command enables or disables the immediate
sending of DOS attack notification e-mail messages.

config edit firewall attack block

<yes | no>

Set this command to

yes

to block new traffic after

the tcp-max-incomplete threshold is exceeded. Set
it to

no

to delete the oldest half-open session when

traffic exceeds the tcp-max-incomplete threshold.

config edit firewall attack block-

minute <0-255>

This command sets the number of minutes for new
sessions to be blocked when the tcp-max-
incomplete threshold is reached. This command is
only valid when

block

is set to

yes

.

config edit firewall attack minute-

high <0-255>

This command sets the threshold rate of new half-
open sessions per minute where the ZyWALL starts
deleting old half-opened sessions until it gets them
down to the minute-low threshold.

config edit firewall attack minute-

low <0-255>

This command sets the threshold of half-open
sessions where the ZyWALL stops deleting half-
opened sessions.

config edit firewall attack max-

incomplete-high <0-255>

This command sets the threshold of half-open
sessions where the ZyWALL starts deleting old half-
opened sessions until it gets them down to the max
incomplete low.

config edit firewall attack max-

incomplete-low <0-255>

This command sets the threshold where the
ZyWALL stops deleting half-opened sessions.

config edit firewall attack tcp-

max-incomplete <0-255>

This command sets the threshold of half-open TCP
sessions with the same destination where the
ZyWALL starts dropping half-open sessions to that
destination.