Product specifications

Chapter 5: System Security
Efficient Networks® Router family
Technical Reference Guide
Page 5-38
The rules are evaluated in a fixed order: deny rules first, then allow rules. Thus, in this example, when the firewall evaluates the deny rules for an FTP packet going out from 192.168.1.20, it finds a matching deny rule and the packet is dropped.
For packets from any other address in the subnet, no deny rule matches, so the allow rules are evaluated next; since a match is found there, the packet is allowed through:
-> firewall allow -a FTP -sa 192.168.1.34 -d out
Firewall rules can open all the ports an application needs without the user having to specify each port individually. For example, NetMeeting uses several different port numbers, and the user does NOT have to open them one by one: if the user enters an allow rule for that application, all the ports used by that application are opened.
-> firewall allow -a netmeeting -sa 192.168.1.23 -d out
This opens the ports for machine 192.168.1.23 to use NetMeeting.
If NAT is enabled on the router, outgoing firewall rules are specified in terms of the private addresses, whereas inbound rules must use the router's WAN address. Thus, to allow incoming FTP, the following rule would be entered:
-> firewall allow -a FTP -da 12.10.1.1 -d in
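The evaluation order (deny first, then allow), application rules that cover every port an application uses, and the NAT addressing requirement for inbound rules can all be exercised with a small model. The following Python is an added illustration written for this page, not the router's firmware or its actual rule engine. It parses the `firewall allow|deny -a APP [-sa X] [-da Y] -d DIR` form shown above; the application-to-port table is constructed (FTP's control port 21 is real, the "netmeeting" ports are placeholders), the deny rule for 192.168.1.20 and the subnet-wide allow rule are constructed equivalents of the rules the text describes, and the default-deny result when no rule matches, plus the rejection of an inbound rule that names a private address, are assumptions about the router's behaviour.

```python
"""Model of the rule evaluation described on this page (added example, not
the router's code). Assumptions: default deny when nothing matches; the
port table below; inbound rules naming a private address are rejected."""
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Dict, List, Optional

# Constructed application -> port table. FTP's control port 21 is real;
# the "netmeeting" entries are placeholder values, not the router's table.
APP_PORTS: Dict[str, set] = {
    "FTP": {21},
    "netmeeting": {1720, 1731},
}


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    dport: int
    direction: str  # "in" or "out"


@dataclass(frozen=True)
class Rule:
    action: str            # "allow" or "deny"
    app: str               # -a
    direction: str         # -d
    src: Optional[str]     # -sa: address or CIDR, None means any
    dst: Optional[str]     # -da: address or CIDR, None means any

    def matches(self, pkt: Packet) -> bool:
        """A rule matches on direction, on any port of its application,
        and on the optional source/destination address constraints."""
        if self.direction != pkt.direction:
            return False
        if pkt.dport not in APP_PORTS.get(self.app, set()):
            return False
        if self.src and ip_address(pkt.src) not in ip_network(self.src, strict=False):
            return False
        if self.dst and ip_address(pkt.dst) not in ip_network(self.dst, strict=False):
            return False
        return True


def parse_rule(line: str) -> Rule:
    """Parse the page's 'firewall <allow|deny> -a APP [-sa X] [-da Y] -d DIR'."""
    tokens = line.replace("->", "").split()
    if len(tokens) < 2 or tokens[0] != "firewall" or tokens[1] not in ("allow", "deny"):
        raise ValueError("expected 'firewall allow|deny ...': " + line)
    flags = dict(zip(tokens[2::2], tokens[3::2]))
    return Rule(action=tokens[1], app=flags["-a"], direction=flags["-d"],
                src=flags.get("-sa"), dst=flags.get("-da"))


class Firewall:
    def __init__(self, wan_address: str):
        self.wan_address = wan_address
        self.deny: List[Rule] = []
        self.allow: List[Rule] = []

    def add(self, line: str) -> Rule:
        rule = parse_rule(line)
        # Assumed check: with NAT, inbound traffic arrives addressed to the
        # WAN address, so an inbound rule naming a private address can
        # never match and is rejected here rather than silently kept.
        if rule.direction == "in" and rule.dst and ip_network(rule.dst, strict=False).is_private:
            raise ValueError("inbound rule must use the WAN address: " + line)
        (self.deny if rule.action == "deny" else self.allow).append(rule)
        return rule

    def evaluate(self, pkt: Packet) -> str:
        for rule in self.deny:        # deny rules are evaluated first
            if rule.matches(pkt):
                return "drop"
        for rule in self.allow:       # then the allow rules
            if rule.matches(pkt):
                return "allow"
        return "drop"                 # assumed default when nothing matches


def inbound_rule_with_private_address_rejected() -> bool:
    fw = Firewall("12.10.1.1")
    try:
        fw.add("firewall allow -a FTP -da 192.168.1.34 -d in")
    except ValueError:
        return True
    return False


def demo() -> Dict[str, str]:
    fw = Firewall(wan_address="12.10.1.1")
    # Constructed equivalents of the rules the text describes.
    fw.add("firewall deny -a FTP -sa 192.168.1.20 -d out")
    fw.add("firewall allow -a FTP -sa 192.168.1.0/24 -d out")
    # Rules quoted on the page.
    fw.add("-> firewall allow -a netmeeting -sa 192.168.1.23 -d out")
    fw.add("-> firewall allow -a FTP -da 12.10.1.1 -d in")
    peer = "203.0.113.5"  # constructed remote host
    return {
        "ftp_from_.20": fw.evaluate(Packet("192.168.1.20", peer, 21, "out")),
        "ftp_from_.34": fw.evaluate(Packet("192.168.1.34", peer, 21, "out")),
        "netmeeting_from_.23": fw.evaluate(Packet("192.168.1.23", peer, 1731, "out")),
        "netmeeting_from_.34": fw.evaluate(Packet("192.168.1.34", peer, 1731, "out")),
        "inbound_ftp_to_wan": fw.evaluate(Packet(peer, "12.10.1.1", 21, "in")),
        "inbound_ftp_to_private": fw.evaluate(Packet(peer, "192.168.1.34", 21, "in")),
    }


if __name__ == "__main__":
    for name, decision in demo().items():
        print(f"{name}: {decision}")
```

Running `demo()` shows the deny rule for 192.168.1.20 winning even though the subnet-wide allow rule would also match it, the NetMeeting rule admitting only host .23 on that application's ports, and inbound FTP being accepted only when the packet is addressed to the WAN address, which is why the page's inbound rule uses 12.10.1.1 rather than a private address.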
Listing Firewall Rules
The following command displays the current stateful firewall settings and the configured rules. The optional parameter restricts the listing to the allow rules or the deny rules.
firewall list [<allow | deny>]
Deleting Firewall Rules
The following command deletes configured rules. The optional end rule number deletes a range of rules from the specified allow or deny list.
firewall delete <start rule number> [<end rule number>] <allow | deny>
The delete all command deletes all entries from the allow list, the deny list, or both if no parameter is specified.
firewall delete all [<allow | deny>]