User Guide

8 Firewall Commands
3EC 16982 AFAA TCZZA Ed. 01
firewall rule create
Create a rule.
SYNTAX:
firewall rule create chain = <string>
[index = <number>]
[srcintf [!]= <string>]
[srcintfgrp [!]= <{wan|local|lan}>]
[srcbridgeport [!]= <number>]
[src [!]= <ip-address>]
[srcmsk = <ip-mask(dotted or cidr)>]
[dstintf [!]= <string>]
[dstintfgrp [!]= <{wan|local|lan}>]
[dst [!]= <ip-address>]
[dstmsk = <ip-mask(dotted or cidr)>]
[tos [!]= <number{1-255}>]
[prot [!]= <{tcp|udp|icmp|protocol}>]
[syn <yes|no>]
[urg <yes|no>]
[ack <yes|no>]
[srcport [!]= <{ftp|ftp-data|telnet|mail|smtp|dns|domain|tftp|port}>]
[srcportend = <{ftp|ftp-data|telnet|mail|smtp|dns|domain|tftp|port}>]
[dstport [!]= <{ftp|ftp-data|telnet|mail|smtp|dns|domain|tftp|port}>]
[dstportend = <{ftp|ftp-data|telnet|mail|smtp|dns|domain|tftp|port}>]
[icmptype [!]= <{echo-reply|destination-unreachable|source-quench|
                 redirect|echo-request|router-advertisement|
                 router-solicitation|time-exceeded|parameter-problems|
                 timestamp-request|timestamp-reply|
                 information-request|information-reply|
                 address-mask-request|address-mask-reply|
                 icmpnumber}>]
[icmpcode [!]= <number{0-15}>]
[icmpcodeend = <number{0-15}>]
[clink = <string>]
action = <{accept|deny|drop|count}>
chain         The name of the chain to insert the rule in.                       REQUIRED
[index]       The number of the rule before which the new rule must be added.    OPTIONAL
[srcintf]     The name of the interface the packet should [or should NOT]        OPTIONAL
              arrive on to make this rule apply.
              (NOT applicable if used in a chain assigned to the output hook)
[srcintfgrp]  The interface group the packet should [or should NOT] arrive on.   OPTIONAL
              Choose between:
                wan
                local
                lan
              (NOT applicable if used in a chain assigned to the output hook)










