Installation guide

NGFW Engine Commands
sg-blacklist (continued)
Engine Role: Firewall, Layer 2 Firewall, IPS
Add/Del Parameters:
Enter at least one parameter. The default value is used for the parameters that you omit. You can also save parameters in a text file; each line in the file is read as one blacklist entry.
src IP_ADDRESS/MASK defines the source IP address and netmask to match. Matches any IP address by default.
src6 IPv6_ADDRESS/PREFIX defines the source IPv6 address and prefix length to match. Matches any IPv6 address by default.
dst IP_ADDRESS/MASK defines the destination IP address and netmask to match. Matches any IP address by default.
dst6 IPv6_ADDRESS/PREFIX defines the destination IPv6 address and prefix length to match. Matches any IPv6 address by default.
proto {tcp|udp|icmp|NUM} defines the protocol to match by name or protocol number. Matches all IP traffic by default.
srcport PORT[-PORT] defines the TCP/UDP source port or range to match. Matches any port by default.
dstport PORT[-PORT] defines the TCP/UDP destination port or range to match. Matches any port by default.
duration NUM defines in seconds how long the entry is kept. The default is 0, which cuts current connections, but the entry is not kept.
Examples:
sg-blacklist add src 192.168.0.2/32 proto tcp dstport 80 duration 60
sg-blacklist add -i myblacklist.txt
sg-blacklist del dst 192.168.1.0/24 proto 47
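As an added example (not from the product documentation), a small Python linter for a file passed to sg-blacklist add -i, built from the parameter list above. It assumes each file line is a series of whitespace-separated keyword/value pairs; the function names and sample file are made up for illustration, and the two warnings are this example's own review policy, not engine behaviour.

```python
import ipaddress

# Keywords from the Add/Del parameter list; values are the required IP version.
ADDR_KEYS = {"src": 4, "dst": 4, "src6": 6, "dst6": 6}
PORT_KEYS = {"srcport", "dstport"}
PROTO_NAMES = {"tcp", "udp", "icmp"}

# Constructed sample file; the first two entries reuse the page's examples.
SAMPLE = """\
src 192.168.0.2/32 proto tcp dstport 80 duration 60
dst 192.168.1.0/24 proto 47
proto tcp dstport 80 duration 60
src 2001:db8::1/128 dstport 443-80
"""

def check_entry(line):
    """Return the problems found in one entry (assumed: keyword/value pairs)."""
    tokens = line.split()
    if not tokens or len(tokens) % 2:
        return ["error: expected one or more keyword/value pairs"]
    problems, seen = [], {}
    for key, value in zip(tokens[::2], tokens[1::2]):
        try:
            if key in seen:
                raise ValueError("given twice")
            if key in ADDR_KEYS:
                if ipaddress.ip_network(value, strict=False).version != ADDR_KEYS[key]:
                    raise ValueError(f"expects an IPv{ADDR_KEYS[key]} network")
            elif key in PORT_KEYS:
                lo, sep, hi = value.partition("-")
                if not 0 <= int(lo) <= int(hi if sep else lo) <= 65535:
                    raise ValueError("bad port range")
            elif key == "proto":
                if value not in PROTO_NAMES and not 0 <= int(value) <= 255:
                    raise ValueError("protocol number outside 0-255")
            elif key != "duration":
                raise ValueError("unknown parameter")
            elif not value.isdigit():
                raise ValueError("duration must be a whole number of seconds")
        except ValueError as exc:
            problems.append(f"error: {key} {value}: {exc}")
        seen[key] = value
    if seen.keys() & PORT_KEYS and seen.get("proto") not in ("tcp", "udp", "6", "17"):
        problems.append("warning: port given without proto tcp or udp")
    if not ADDR_KEYS.keys() & seen.keys():
        problems.append("warning: no address given, entry matches any IP address")
    return problems

def lint(text):
    return {n: p for n, line in enumerate(text.splitlines(), 1) if (p := check_entry(line))}
```

lint(SAMPLE) returns a mapping from line number to problems, so entries 3 and 4 of the sample are reported while the two entries taken from the page pass cleanly.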
sg-bootconfig
[--primary-console=tty0|ttyS PORT,SPEED]
[--secondary-console=[tty0|ttyS PORT,SPEED]]
[--flavor=up|smp]
[--initrd=yes|no]
[--crashdump=yes|no|Y@X]
[--append=kernel options]
[--help]
apply
Engine Role: Firewall, Layer 2 Firewall, IPS
Used to edit boot command parameters for future bootups.
--primary-console=tty0|ttyS PORT,SPEED parameter defines the terminal settings for the primary console.
--secondary-console=[tty0|ttyS PORT,SPEED] parameter defines the terminal settings for the secondary console.
--flavor=up|smp [-kdb] parameter defines whether the kernel is uniprocessor or multiprocessor.
--initrd=yes|no parameter defines whether Ramdisk is enabled or disabled.
--crashdump=yes|no|Y@X parameter defines whether kernel crashdump is enabled or disabled, and how much memory is allocated to the crash dump kernel (Y). The default is 24M. X must always be 16M.
--append=kernel options parameter defines any other boot options to add to the configuration.
--help parameter displays usage information.
apply command applies the specified configuration options.
Table A.2 NGFW Engine Command Line Tools (Continued)
Columns: Command, Engine Role, Description