User Guide

8 Firewall Commands
3EC 16982 AFAA TCZZA Ed. 01
[icmpcode]     A number between 0 and 15.
               Represents the expected [or NOT expected] ICMP code (or beginning of range) of the packet as specified in the latest version of RFC1700: Assigned Numbers.
               OPTIONAL
[icmpcodeend]  A number between 0 and 15.
               Represents the ICMP code range end.
               Only applicable for ranges.
               OPTIONAL
[clink]        The name of the chain to be parsed when this rule applies (action is ignored).
               OPTIONAL
action         Action to be taken when this rule applies.
               Choose between:
                 accept : the packet may pass.
                 deny   : ICMP error destination unreachable. An error message is sent back to the sender.
                 drop   : the packet disappears. It is silently dropped, that is, without sending an error message to the sender.
                 count  : update of statistics. Has no influence on the packet.
               REQUIRED
EXAMPLE:
=>firewall rule list chain=Telnet
=>firewall rule create chain=telnet src=10.0.0.0/8 dst=200.200.200.1 srcintfgrp=lan
    prot=tcp srcport=1024 srcportend=65535 dstport=23
    action=accept
=>firewall rule create chain=telnet src=200.200.200.1 dst=10.0.0.0/8 srcintfgrp=wan
    prot=tcp srcport=23 dstport=1024 dstportend=65535
    action=accept
=>firewall rule create chain=telnet
    action=drop
=>firewall rule list chain=Telnet
:firewall rule create chain=Telnet index=0 srcintfgrp=lan src=10.0.0.0/8
    dst=200.200.200.1/32 prot=tcp srcport=1024 srcportend=65535 dstport=telnet
    action=accept
:firewall rule create chain=Telnet index=1 srcintfgrp=wan src=200.200.200.1/32
    dst=10.0.0.0/8 prot=tcp srcport=telnet dstport=1024 dstportend=65535
    action=accept
:firewall rule create chain=Telnet index=2
    action=drop
=>
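The Telnet chain listed above, modelled as an added Python example (not part of the original guide and not the device's own code): it parses the listing and evaluates packets against it. Assumptions: rules are tried in index order and the first match decides, an omitted parameter matches anything, and a port given without a range end matches only that port.

```python
import ipaddress

# Listing printed by "firewall rule list chain=Telnet" on this page, with the
# wrapped lines joined. Packets passed to evaluate() are constructed by the caller.
LISTING = """\
:firewall rule create chain=Telnet index=0 srcintfgrp=lan src=10.0.0.0/8 dst=200.200.200.1/32 prot=tcp srcport=1024 srcportend=65535 dstport=telnet action=accept
:firewall rule create chain=Telnet index=1 srcintfgrp=wan src=200.200.200.1/32 dst=10.0.0.0/8 prot=tcp srcport=telnet dstport=1024 dstportend=65535 action=accept
:firewall rule create chain=Telnet index=2 action=drop
"""
SERVICES = {"telnet": 23}  # the listing prints port 23 by its service name


def parse_rules(listing):
    """Turn each ':firewall rule create' line into a dict of its key=value pairs."""
    rules = []
    for line in listing.splitlines():
        fields = dict(tok.split("=", 1) for tok in line.split() if "=" in tok)
        if fields:
            rules.append(fields)
    return sorted(rules, key=lambda r: int(r["index"]))


def port_ok(rule, key, port):
    """Check a port against key (range start) and key+'end' (range end)."""
    if key not in rule:
        return True  # assumption: parameter omitted means any port
    lo = SERVICES[rule[key]] if rule[key] in SERVICES else int(rule[key])
    hi = int(rule.get(key + "end", lo))
    return lo <= port <= hi


def matches(rule, pkt):
    """True when every parameter present in the rule agrees with the packet."""
    for key in ("src", "dst"):
        if key in rule and ipaddress.ip_address(pkt[key]) not in ipaddress.ip_network(rule[key]):
            return False
    for key in ("srcintfgrp", "prot"):
        if key in rule and rule[key] != pkt[key]:
            return False
    return port_ok(rule, "srcport", pkt["srcport"]) and port_ok(rule, "dstport", pkt["dstport"])


def evaluate(rules, pkt):
    """Assumed semantics: rules are tried in index order; the first match decides."""
    for rule in rules:
        if matches(rule, pkt):
            return int(rule["index"]), rule["action"]
    return None, None
```

Call `evaluate(parse_rules(LISTING), packet)` with a dict holding `src`, `dst`, `srcintfgrp`, `prot`, `srcport` and `dstport` to see which rule index and action a packet would hit before committing the chain on a device.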
RELATED COMMANDS:
firewall rule clear    Clear statistics of a given rule.
firewall rule delete   Delete a specified rule in a chain.
firewall rule flush    Delete all rules in a chain.
firewall rule list     Show a list of all (or a specified) chains' rules.
firewall rule stats    Show statistics for all (or a specified) chains' rules.










