Install guide

76 Firewall Enhancements Release Note
Software Version 2.9.1
C613-10486-00 REV C
set firewall policy limitrule
Syntax
SET FIREwall POLIcy=policy-name LIMitrule=rule-id
    [INTerface={interface}] [IP=ipadd[-ipadd]]
    [GBLRemoteip=ipadd[-ipadd]] [SRCIplimit=0..10000]

Description
This command modifies a limit rule attached to a firewall policy. Limit rules
apply a limit to the number of concurrent sessions that a device can initiate
through the firewall. Each firewall policy can have up to 100 limit rules. The
details for a session must match all values set for the interface, ip, and
gblremote parameters for the limit rule to apply.

Each time a device initiates a session across the firewall, the router or switch
checks all the limit rules attached to a policy. If a session exceeds the limit in a
matching rule, then the router or switch does not allow the new session to start.
The device can only start the new session once it has ended one or more of the
current sessions.

This command only applies the limit as sessions are created; it does not end
any sessions established by a device before this rule was modified. However,
all matching existing session numbers are included when the router or switch
checks the limit rules.

Parameter     Description

POLIcy        The policy that the rule is added to. The policy-name is a string
              1 to 15 characters long. Valid characters are uppercase and
              lowercase letters, digits (0–9), and the underscore character.
              The specified policy must already exist.

LIMitrule     A numerical identifier for the rule for this policy. The rule-id
              is a decimal number from 1 to 4294967295. The specified rule
              must already exist.

INTerface     The interface that the rule is attached to. The interface must
              already exist and belong to the policy. Valid interfaces are:
                eth (such as eth0, eth0-1)
                VLAN (such as vlan1, vlan1-1)
                FR (such as fr0, fr0-1)
                X.25 (such as x25t0, x25t0-1)
                PPP (such as ppp0, ppp1-1)
              Alternatively, the interface may be a dynamic interface, formed
              by concatenating the string “dyn-” with the name of a dynamic
              interface template (e.g. dyn-remote).
              Default: all interfaces attached to the policy

IP            IP address of the private device or range of devices you are
              limiting the sessions for. Devices must be on the private side
              of the firewall. The IP address is specified using dotted
              decimal notation.
              Default: all private devices

GBLRemoteip   IP address of a public device or range of devices you are
              limiting the sessions for. Devices must be on the public side of
              the firewall. The IP address is specified using dotted decimal
              notation.
              Default: all public devices

SRCIplimit    Number of sessions matching this rule that each device is
              allowed.
              Default: 0 (no limit set)
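
The following Python model of the matching and counting behaviour described above is an added illustration, not vendor code. The class and function names, the assumption that sessions are counted per initiating IP address, and the sample addresses are all constructed for this example.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def in_range(addr: str, spec: Optional[str]) -> bool:
    """spec is 'ipadd' or 'ipadd-ipadd'; None is the default (all devices)."""
    if spec is None:
        return True
    lo, _, hi = spec.partition("-")
    ip = ipaddress.IPv4Address(addr)
    return ipaddress.IPv4Address(lo) <= ip <= ipaddress.IPv4Address(hi or lo)

@dataclass(frozen=True)
class Session:
    interface: str
    private_ip: str
    public_ip: str
    initiator: str          # assumption: sessions are counted per initiating IP

@dataclass
class LimitRule:
    rule_id: int
    interface: Optional[str] = None    # default: all interfaces on the policy
    ip: Optional[str] = None           # default: all private devices
    gblremoteip: Optional[str] = None  # default: all public devices
    srciplimit: int = 0                # default: 0 (no limit set)

    def matches(self, s: Session) -> bool:
        # A session must match every parameter set on the rule.
        return ((self.interface is None or self.interface == s.interface)
                and in_range(s.private_ip, self.ip)
                and in_range(s.public_ip, self.gblremoteip))

def blocking_rule(rules, active, new: Session) -> Optional[int]:
    """Return the id of the first rule that refuses `new`, or None if allowed."""
    for rule in rules:
        if rule.srciplimit == 0 or not rule.matches(new):
            continue
        held = sum(1 for s in active
                   if s.initiator == new.initiator and rule.matches(s))
        if held >= rule.srciplimit:   # existing sessions count toward the limit
            return rule.rule_id
    return None

if __name__ == "__main__":
    # Constructed sample: host already holds 5 sessions when the limit is set to 3.
    host = "192.168.1.20"
    active = [Session("vlan1", host, f"203.0.113.{i}", host) for i in range(1, 6)]
    rules = [LimitRule(1, ip="192.168.1.10-192.168.1.50", srciplimit=3)]
    new = Session("vlan1", host, "203.0.113.99", host)
    print(blocking_rule(rules, active, new))      # refused by rule 1; the 5 stay up
    print(blocking_rule(rules, active[:2], new))  # allowed once only 2 remain
```

In the model, as in the description, lowering a limit below a host's current session count tears nothing down; the host is simply refused new sessions until enough of its existing ones have ended.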