Section 31.3.9, Section 31.3.10 – Westermo RedFox Series User Manual
Page 742
Westermo OS Management Guide
Version 4.17.0-0
For a true firewall it is generally a good idea to enable stateful packet in-
spection. However, due to potential problems with asymmetric routing, the
default is to have this setting disabled.
Use ”show spi” to show if stateful inspection is enabled or disabled.
Default values Disabled.
31.3.9
Configure Forwarding and Input Default Policies
Syntax policy [forward|input] <allow|deny>
Context
context
Usage Configure the default policy for forward filtering and input filtering. By
default, the command applies to the forwarding filter, e.g., ”policy allow”
will set the default policy for forward filtering to ”allow”.
Use ”show policy” to show configured default policies for the forwarding
filter and the input filter.
Default values Deny (that is, both the forwarding filter and the input filter by
default drop packets lacking a matching allow rule.)
31.3.10
Reorder/Move a Packet Filter, Modify, NAT or Port For-
warding Rule
Syntax move [<filter|modify|nat|port-forward>] <FROM_POS> <TO_POS>
Context
context
Usage Change the position (reorder) a rule in the ”filter”, ”modify”, ”nat” or
”port-forward” table, e.g., use ”move filter 6 3” to move the filter rule
(allow/deny) at position ”6” to position ”3”. The filter rule previously at po-
sition ”3” ends up at position ”4”, and so on. Similarly, ”move modify 3 6”
will move the modify rule at position ”3” to position ”6”; the rule previously
at position ”6” ends up at position ”5” and so on.
The tables are kept compact. Specifying a ”TO_POS” beyond the highest
number in that table is equal to moving it to the last position in the table.
If no table is specified, the move operation applies to the ”filter” table,
i.e., ”move 6 3” is equivalent to ”move filter 6 3”.
742
➞ 2015 Westermo Teleindustri AB