Product specifications

Efficient Networks® Router family
Technical Reference Guide
Chapter 5: System Security
Page 5-35
command - This parameter defines the list to which the firewall rule will be assigned. The valid options are:
allow | deny
For example:
-> firewall allow -a ftp -sa 192.168.1.34 -d out
protocol | application - The following parameters specify the <protocol> (-p) or <application> (-a) characteristics that a packet must have in order to match the firewall rule. The valid protocol and application parameters are:
Protocol -
-p tcp | udp | icmp | <protocol number>
The packet must have the specified protocol. For a deny rule, a packet whose protocol matches may be dropped (depending on the rule's additional parameters). For an allow rule, a packet whose protocol matches may be allowed. When defining a protocol within the rule structure, the protocol or protocol number is preceded by -p.
-> firewall allow -p tcp -sa 192.168.1.34 -d out
Port Information - When a protocol is specified, port information also may be defined as follows. When port information is entered, the source port value is preceded with -sp and the destination port with -dp.
-sp <ICMP type> | <first source port>[:<last source port>]
If the protocol is ICMP, the packet must match the specified ICMP type. If the protocol is TCP or UDP and only one source port is specified, the packet must have that source port; if a range is defined, the packet's source port must be within the specified range. If no source port is specified, the firewall rule matches any source port in the range 0 - 65535.
-dp <ICMP code> | <first dest port>[:<last dest port>]
If the protocol is ICMP, the packet must match the specified ICMP code. If the protocol is TCP or UDP and only one port is specified, the packet must have that destination port; if a range is defined, the packet's destination port must be within the specified range. If no destination port is specified, the firewall rule matches any destination port in the range 0 - 65535.
-> firewall allow -p tcp -sp 161 -sa 192.168.1.34 -d out
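
The following Python model of the -p, -sp and -dp matching described above is an added example for auditing rule text offline; it is not code from the router or the guide. The function names are hypothetical, the two extra rules are constructed, and other flags (such as -sa and -d) are stored but not evaluated.

```python
# Added illustration: models only the -p / -sp / -dp matching described above.
PROTO = {"icmp": 1, "tcp": 6, "udp": 17}  # IANA protocol numbers
ANY = (0, 65535)                          # range used when -sp / -dp is omitted


def parse_range(text):
    """'161' -> (161, 161); '1024:2048' -> (1024, 2048)."""
    first, _, last = text.partition(":")
    lo, hi = int(first), int(last or first)
    if not 0 <= lo <= hi <= 65535:
        raise ValueError(f"bad port range: {text!r}")
    return lo, hi


def parse_rule(line):
    """Parse a 'firewall allow|deny -p ...' line; flags other than
    -p/-sp/-dp are stored under 'other' and not evaluated here."""
    tok = line.replace("->", " ").split()
    if len(tok) < 2 or tok[0] != "firewall" or tok[1] not in ("allow", "deny"):
        raise ValueError("expected: firewall allow|deny ...")
    opts = tok[2:]
    if len(opts) % 2:
        raise ValueError("every flag needs a value")
    rule = {"action": tok[1], "proto": None, "sp": ANY, "dp": ANY, "other": {}}
    for flag, val in zip(opts[::2], opts[1::2]):
        if flag == "-p":
            rule["proto"] = PROTO[val] if val in PROTO else int(val)
        elif flag in ("-sp", "-dp"):
            rule[flag[1:]] = parse_range(val)
        else:
            rule["other"][flag] = val
    if rule["proto"] is None:
        raise ValueError("this model only covers rules that use -p")
    return rule


def matches(rule, proto, src, dst):
    """src/dst are ports for TCP/UDP, or ICMP type/code when proto is 1."""
    return (rule["proto"] == proto
            and rule["sp"][0] <= src <= rule["sp"][1]
            and rule["dp"][0] <= dst <= rule["dp"][1])


# Example from the page: no -dp, so every destination port matches.
snmp = parse_rule("-> firewall allow -p tcp -sp 161 -sa 192.168.1.34 -d out")
# Constructed rules: ICMP echo request (type 8, code 0) and a UDP port range.
echo = parse_rule("firewall deny -p icmp -sp 8 -dp 0")
high = parse_rule("firewall allow -p udp -dp 1024:2048")
```

A rule whose sp or dp is still (0, 65535) constrains nothing on that side, which is the first thing to look for when reviewing an allow rule.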