Chapter 5: System Security
Efficient Networks® Router family Technical Reference Guide
Page 5-36
Application -
-a imap | telnet | bootp | nntp | rpc | tftp | smtp |
dns | ftp | rexec | rsh | rlogin | syslog | winframe |
rdp | http | https | ntp | smb | ras | realaudio |
netmeeting | aolim | quicktime | cuseeme | netshow |
pptp | nfs | nis | traceroute | sqlnet | ipsec
Packets must match the assigned application characteristics.
-> firewall allow -a ftp -sa 192.168.1.34 -d out
address - The following <parameters> specify the source and destination IP address
information. When entering these parameters on the command line, the -sa, -sm,
-da and -dm parameters are required before the corresponding parameter values as
shown below.
Source address -
-sa <first source ip addr>[:<last source ip addr>]
The packet must have a source IP address within the specified address
range. If only one address is specified, the packet must have that source
IP address. If no source IP address is specified, the firewall rule matches
any valid IPv4 address.
Source mask -
-sm <source ip mask>
The firewall rule uses the specified mask when comparing the <first
source ip addr>...<last source ip addr> with the source IP address in the
IP packet. If no source mask is specified, the mask used is
255.255.255.255.
Destination address -
-da <first dest ip addr>[:<last dest ip addr>]
The packet must have a destination IP address within the specified
address range. If only one address is specified, the packet must have
that destination IP address. If no destination IP address is specified, the
firewall rule matches any valid IPv4 address.
Destination mask -
-dm <dest ip mask>
The firewall rule uses the specified mask when comparing the <first dest
ip addr>...<last dest ip addr> with the destination IP address in the IP
packet. If no destination mask is specified, the mask used is
255.255.255.255.
-> firewall allow -a FTP -sa 192.168.1.0 -sm 255.255.255.0 -da 64.12.11.1 -d out
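
The address and mask matching described above, as an added example (not code from the guide or the router firmware). It assumes the mask is ANDed with the packet address and with both range bounds before the range comparison; the function names are hypothetical and the packets are constructed.

```python
import ipaddress

DEFAULT_MASK = "255.255.255.255"  # the guide's default when -sm/-dm is omitted


def _to_int(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))


def addr_matches(packet_ip, addr_spec=None, mask=None):
    """Return True if packet_ip satisfies one -sa/-sm (or -da/-dm) pair.

    addr_spec is "<first>[:<last>]" as on the command line; None means the
    parameter was omitted, which the guide says matches any valid IPv4 address.
    Assumption: the mask is ANDed with the packet address and with both range
    bounds before the range comparison.
    """
    if addr_spec is None:
        return True
    first, _, last = addr_spec.partition(":")
    m = _to_int(mask or DEFAULT_MASK)
    lo = _to_int(first) & m
    hi = _to_int(last or first) & m
    if lo > hi:
        raise ValueError("first address is above last address: " + addr_spec)
    return lo <= (_to_int(packet_ip) & m) <= hi


def rule_matches(src_ip, dst_ip, sa=None, sm=None, da=None, dm=None):
    """Address part of a rule: source and destination must both match."""
    return addr_matches(src_ip, sa, sm) and addr_matches(dst_ip, da, dm)


if __name__ == "__main__":
    # Constructed packets checked against the guide's second example rule:
    #   firewall allow -a FTP -sa 192.168.1.0 -sm 255.255.255.0 -da 64.12.11.1 -d out
    rule = dict(sa="192.168.1.0", sm="255.255.255.0", da="64.12.11.1")
    for src, dst in [("192.168.1.34", "64.12.11.1"),   # inside the masked subnet
                     ("192.168.2.34", "64.12.11.1"),   # different subnet
                     ("192.168.1.34", "64.12.11.2")]:  # -da has default host mask
        print(src, dst, rule_matches(src, dst, **rule))
    # Same -sa without -sm: only the literal address 192.168.1.0 matches.
    print(addr_matches("192.168.1.34", "192.168.1.0"))
```

Under this reading, omitting -sm from a rule meant to cover a subnet leaves it matching a single address, so the rule silently fails to apply to the other hosts.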