Operation Manual

178
Firewall Commands
E-DOC-CTC-20040210-0030 v1.0
firewall rule create
Create a rule.
Note: If a value is preceded by a "!", it means "NOT".
E.g. "dstintfgrp=!wan" means "if dstintfgrp is different from WAN".
SYNTAX:
firewall rule create chain = <string>
        [index = <number>]
        [srcintf [!]= <string>]
        [srcintfgrp [!]= <{wan|local|lan} or number>]
        [src [!]= <ip-address>]
        [dstintf [!]= <string>]
        [dstintfgrp [!]= <{wan|local|lan} or number>]
        [dst [!]= <ip-address>]
        [tos [!]= <number{1-255}>]
        [precedence [!]= <number{0-7}>]
        [dscp [!]= <number{0-63}>]
        [prot [!]= <{<supported IP protocol name>|<number>}>]
        [syn = <yes|no>]
        [urg = <yes|no>]
        [ack = <yes|no>]
        [srcport [!]= <{<supported TCP/UDP port name>|<number>}>]
        [srcportend = <{<supported TCP/UDP port name>|<number>}>]
        [dstport [!]= <{<supported TCP/UDP port name>|<number>}>]
        [dstportend = <{<supported TCP/UDP port name>|<number>}>]
        [icmptype [!]= <{<supported ICMP type name>|<number>}>]
        [icmpcode [!]= <number{0-15}>]
        [icmpcodeend = <number{0-15}>]
        [clink = <string>]
        [log = <{no|yes}>]
        action = <{accept|deny|drop|count}>
where:
chain      The name of the chain in which the rule must be inserted.  REQUIRED
index      The number of the rule before which the new rule must be added.  OPTIONAL
srcintf    The name of the interface the packet should [or should NOT] arrive on to make this rule apply.
           Note: NOT applicable if used in a chain assigned to the output hook.
           OPTIONAL
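To make the "!" semantics and the documented value ranges concrete, here is an added example (not SpeedTouch code) that parses a firewall rule create line into a rule, rejects out-of-range tos/precedence/dscp/icmpcode values and "!" on parameters the syntax does not mark negatable, and tests a packet (a constructed dict of field values) against the rule. Both spellings of negation seen above ("name != value" and "name=!value") are accepted; the "<field>end" parameters are treated as the upper bound of a numeric range, which is an assumption about how the device interprets them.

```python
import re
# Added example (not SpeedTouch code): parse "firewall rule create" into
# {param: (negated, value)}, validate ranges, and match a packet against it.
RANGES = {"tos": (1, 255), "precedence": (0, 7), "dscp": (0, 63),
          "icmpcode": (0, 15), "icmpcodeend": (0, 15)}
ACTIONS = {"accept", "deny", "drop", "count"}
NEGATABLE = {"srcintf", "srcintfgrp", "src", "dstintf", "dstintfgrp", "dst",
             "tos", "precedence", "dscp", "prot", "srcport", "dstport",
             "icmptype", "icmpcode"}
NON_MATCH = {"chain", "index", "clink", "log", "action"}  # not packet fields
# accepts both "name != value" (syntax table) and "name=!value" (note above)
TOKEN = re.compile(r"(\w+)\s*(!?)=\s*(!?)(\S+)")

def parse_rule(cmdline):
    cmdline = cmdline.strip()
    prefix = "firewall rule create"
    if not cmdline.startswith(prefix):
        raise ValueError("not a 'firewall rule create' command")
    rule = {}
    for name, bang1, bang2, value in TOKEN.findall(cmdline[len(prefix):]):
        negated = bool(bang1 or bang2)
        if negated and name not in NEGATABLE:
            raise ValueError(f"{name} does not accept '!'")
        if name in RANGES:
            lo, hi = RANGES[name]
            if not value.isdigit() or not lo <= int(value) <= hi:
                raise ValueError(f"{name} must be a number in {lo}-{hi}")
        if name == "action" and value not in ACTIONS:
            raise ValueError(f"unknown action {value}")
        rule[name] = (negated, value)
    for required in ("chain", "action"):
        if required not in rule:
            raise ValueError(f"{required} is required")
    return rule

def matches(rule, packet):
    """True when every match field agrees with the packet (a negated field
    agrees when the value differs); "<field>end" widens it to a range."""
    for name, (negated, value) in rule.items():
        if name in NON_MATCH or name.endswith("end"):
            continue
        pv = str(packet.get(name, ""))
        end = rule.get(name + "end")  # assumed range upper bound
        if end and pv.isdigit() and value.isdigit():
            hit = int(value) <= int(pv) <= int(end[1])
        else:
            hit = pv == value
        if hit == negated:  # equal-but-NOT, or unequal without NOT
            return False
    return True
```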