Firewall
Firewall command reference
iMG/RG Software Reference Manual (IPNetwork Functions)
4-114
Firewall blocking logging enabled.
Firewall intrusion logging disabled.
See also
firewall enable|disable
firewall set securitylevel
4.3.2.0.6 FIREWALL LIST POLICIES
Syntax
firewall list policies
Description
This command lists the following information about policies that were added to the
firewall using the FIREWALL ADD POLICY command:
Policy ID number
Policy name
Interface Type 1 and Interface Type 2 - the two interface types between which a
policy exists (external - internal, external - DMZ or internal - DMZ)
Validator Allow Only status - when false, only traffic matching the direction and the IP
address(es) specified by firewall validators is blocked; all other traffic is allowed.
Example
--> firewall list policies
Firewall Policies:
ID | Name    | Type 1   | Type 2   | Validator Allow Only
----------------------------------------------------------
1  | ext-int | external | internal | false
2  | ext-dmz | external | dmz      | false
3  | dmz-int | dmz      | internal | false
----------------------------------------------------------
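As an added example (not code from the manual), a small Python parser for the table printed by firewall list policies, with an audit helper that picks out policies whose Validator Allow Only flag is false, which the manual defines as the mode where validators only block the traffic they name. The sample output is constructed for this example in the format shown above; its third row is set to true (the manual's own listing shows false) so the audit has something to skip.

```python
# Constructed sample in the format printed by "firewall list policies" (see the
# example above); the third row is set to true here so the audit has a row to skip.
SAMPLE_OUTPUT = """\
Firewall Policies:
ID | Name    | Type 1   | Type 2   | Validator Allow Only
----------------------------------------------------------
1  | ext-int | external | internal | false
2  | ext-dmz | external | dmz      | false
3  | dmz-int | dmz      | internal | true
----------------------------------------------------------
"""


def parse_policies(text):
    """Parse the pipe-delimited policy table into a list of dicts keyed by column name."""
    policies = []
    header = None
    for line in text.splitlines():
        if "|" not in line:          # title line, rule lines, blanks
            continue
        cells = [cell.strip() for cell in line.split("|")]
        if header is None:           # first pipe-delimited line is the column header
            header = cells
            continue
        row = dict(zip(header, cells))
        row["ID"] = int(row["ID"])
        row["Validator Allow Only"] = row["Validator Allow Only"].lower() == "true"
        policies.append(row)
    return policies


def validator_blocklist_policies(policies):
    """Names of policies whose Validator Allow Only flag is false.

    Per the manual, false means validators act as a block list: only the
    direction/address combinations named by a validator are blocked and all
    other traffic passes the validator check, so these are the policies to
    review first when auditing what the firewall admits."""
    return [p["Name"] for p in policies if not p["Validator Allow Only"]]


def policy_between(policies, type1, type2):
    """Find the policy covering a pair of interface types, given in either order."""
    for p in policies:
        if {p["Type 1"], p["Type 2"]} == {type1, type2}:
            return p
    return None


if __name__ == "__main__":
    rows = parse_policies(SAMPLE_OUTPUT)
    print(validator_blocklist_policies(rows))        # ['ext-int', 'ext-dmz']
    print(policy_between(rows, "internal", "dmz"))   # the dmz-int row
```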
See also
FIREWALL SHOW POLICY
FIREWALL ADD
FIREWALL ADD VALIDATOR
4.3.2.0.7 FIREWALL SHOW POLICY
Syntax
firewall show policy {ext-int|ext-dmz|dmz-int}
Description
This command displays information about a single policy that exists between two
security interface types. Allow Only Validator: false means that only traffic matching the
direction and the IP address(es) specified in the FIREWALL ADD VALIDATOR command is
blocked. All other traffic is allowed.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Option | Description | Default Value
name | An existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
Example
--> firewall show policy ext-dmz
Firewall Policy: ext-dmz
Interface Type 1: external
Interface Type 2: dmz
Allow Only Validator: false
See also
FIREWALL LIST POLICIES
firewall set securitylevel
4.3.2.0.8 FIREWALL LIST PROTOCOL
Syntax
firewall list protocol
Description
This command lists the numbers of the non-TCP and non-UDP protocols that can be
specified with the FIREWALL ADD PORTFILTER command. Protocol numbers can be found in
RFC 1700 (http://www.ietf.org/rfc/rfc1700.txt).
Example
--> firewall list protocol
Assigned Internet Protocol Numbers
see RFC 1700 "Assigned Numbers"
section "Protocol Numbers" pages 7 - 9
1    ICMP      Internet Control Message
2    IGMP      Internet Group Management
3    GGP       Gateway-to-Gateway
4    IP        IP in IP (encapsulation)
6    TCP       Transmission Control
8    EGP       Exterior Gateway Protocol
9    IGP       any private interior gateway
17   UDP       User Datagram
46   RSVP      Reservation Protocol
47   GRE       General Routing Encapsulation
89   OSPFIGP   OSPFIGP
92   MTP       Multicast Transport Protocol
94   IPIP      IP-within-IP Encapsulation Protocol
See also
firewall add portfilter, firewall set portfilter
4.3.2.0.9 FIREWALL ADD DOMAINFILTER
Syntax
FIREWALL ADD DOMAINFILTER <filtername> <policyname> <urlstring> <starttime> <endtime>
Description
This command adds a new domain filter. You must specify the URL, which is an
alphanumeric string that may include the wildcard character "*" and ".".
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Option | Description | Default Value
filtername | Any alphanumeric string. This is the name of the domain filter, which should be unique. | N/A
policyname | Firewall policy. | N/A
urlstring | Any alphanumeric string which represents a valid domain name; may include '*' to support wildcards. | N/A
starttime | Start time from which the filter is active. Format is 24-hour hh:mm:ss. | N/A
endtime | Time after which the filter is no longer active. | N/A
Example
--> firewall add domainfilter all_http ext-int www.*.com 10:00:00 18:00:00
4.3.2.0.10 FIREWALL SET DOMAINFILTER
Syntax
FIREWALL SET DOMAINFILTER RULEACTION {ALLOW|DENY}
Description
This command is used to change the default action applied to every created domain
filter.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Option | Description | Default Value
allow | Allows all the domain filters created. | N/A
deny | Denies all the domain filters created. | N/A
Example
--> firewall set domainfilter ruleaction allow
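The two commands above define what a domain filter matches (a URL string with "*" wildcards and a daily time window) and what a match means (the global RULEACTION). As an added example, not code from the manual or from Allied Telesis, the Python model below evaluates a hostname and time against a set of filters the way those definitions suggest. Its matching rules are assumptions, since the manual does not spell them out: "*" matches any run of characters including dots, "." is literal, the window is inclusive at both ends, a start time later than the end time wraps past midnight, and filters only apply to requests on the policy they were added to. The example also shows the consequence a practitioner should expect: www.*.com matches www.a.b.com as well as www.example.com.

```python
import re
from datetime import time


def _pattern_to_regex(urlstring):
    # Assumed semantics: "*" matches any run of characters (including dots);
    # everything else in the URL string is literal. The manual only says the
    # string is alphanumeric plus "*" and ".".
    parts = (".*" if ch == "*" else re.escape(ch) for ch in urlstring)
    return re.compile("".join(parts), re.IGNORECASE)


def parse_hms(value):
    """Parse the 24-hour hh:mm:ss format used for <starttime> and <endtime>."""
    hours, minutes, seconds = (int(part) for part in value.split(":"))
    return time(hours, minutes, seconds)


class DomainFilter:
    """One FIREWALL ADD DOMAINFILTER entry."""

    def __init__(self, filtername, policyname, urlstring, starttime, endtime):
        self.filtername = filtername
        self.policyname = policyname
        self.urlstring = urlstring
        self._regex = _pattern_to_regex(urlstring)
        self.start = parse_hms(starttime)
        self.end = parse_hms(endtime)

    def active_at(self, at):
        # Both ends inclusive (assumed); a start later than the end is read as
        # a window that wraps past midnight (also assumed).
        if self.start <= self.end:
            return self.start <= at <= self.end
        return at >= self.start or at <= self.end

    def matches(self, host, at):
        return self.active_at(at) and self._regex.fullmatch(host) is not None


class DomainFilterTable:
    """All domain filters plus the global RULEACTION set by FIREWALL SET DOMAINFILTER."""

    def __init__(self, ruleaction="allow"):
        self.filters = []
        self.set_ruleaction(ruleaction)

    def set_ruleaction(self, action):
        if action.lower() not in ("allow", "deny"):
            raise ValueError("ruleaction must be allow or deny")
        self.ruleaction = action.lower()

    def add(self, filtername, policyname, urlstring, starttime, endtime):
        # Filter names must be unique per the options table.
        if any(f.filtername == filtername for f in self.filters):
            raise ValueError(f"domain filter {filtername!r} already exists")
        entry = DomainFilter(filtername, policyname, urlstring, starttime, endtime)
        self.filters.append(entry)
        return entry

    def decide(self, host, policyname, at):
        """Return 'allow' or 'deny' when a filter on this policy matches, else None
        (the request then falls outside domain filtering altogether)."""
        for entry in self.filters:
            if entry.policyname == policyname and entry.matches(host, at):
                return self.ruleaction
        return None


if __name__ == "__main__":
    table = DomainFilterTable()
    # The manual's own example filter.
    table.add("all_http", "ext-int", "www.*.com", "10:00:00", "18:00:00")
    print(table.decide("www.example.com", "ext-int", parse_hms("12:00:00")))  # allow
    print(table.decide("www.a.b.com", "ext-int", parse_hms("12:00:00")))      # allow: "*" spans dots
    print(table.decide("www.example.com", "ext-int", parse_hms("19:00:00")))  # None: outside window
```

Because a wildcard spans dots under these rules, a pattern like www.*.com is much broader than it looks; when reviewing a device configuration, list the filters and check each urlstring against the hostnames it is actually meant to cover.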
4.3.2.0.11 FIREWALL DELETE DOMAINFILTER
Syntax
firewall delete domainfilter <filtername> <policyname>
Description
This command deletes a URL filter created using the FIREWALL ADD DOMAINFILTER command.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Option | Description | Default Value
filtername | Any alphanumeric string. This is the name of the domain filter, which should be unique. | N/A
policyname | Firewall policy. | N/A
Example
--> firewall delete domainfilter all_http ext-int
See also
firewall add portfilter, firewall list domainfilter
4.3.2.0.12 FIREWALL ADD PORTFILTER
Syntax
FIREWALL ADD PORTFILTER <name> <policyname> {PROTOCOL <protocol>} {INBOUND|OUTBOUND|BOTH}
FIREWALL ADD PORTFILTER <name> <policyname> {TCP|UDP} <startport> <endport> {INBOUND|OUTBOUND|BOTH}
FIREWALL ADD PORTFILTER <name> <policyname> {ICMP|SMTP|HTTP|FTP|TELNET} {INBOUND|OUTBOUND|BOTH}
Description
This command adds a portfilter to an existing firewall policy. Portfilters are individual
rules that determine what kind of traffic can pass between the two interfaces specified in
the FIREWALL ADD POLICY command.
There are three ways that you can add a portfilter, depending on the type of protocol that
you want the portfilter to match:
Specify the number of a non-TCP or non-UDP protocol (for more information, see
rfc1700.txt at http://www.ietf.org/rfc/rfc1700.txt)
Specify TCP or UDP, together with an application's start and end port numbers
Specify one of the listed protocols, applications or services. These are provided by the
firewall as popular examples that you can use. You do not need to specify the port
number; the firewall does this for you.
Options
The following table gives the range of values for each option that can be specified with
this command and a Default Value (if applicable).
Example
Example 1 - specifying a protocol <number>
The following example allows IGMP (Internet Group Management Protocol) packets
inbound from the external interface to the DMZ interface. IGMP is protocol number 2
(see RFC 1700).
First, we need to create a policy:
--> firewall add policy ext-dmz external-dmz
Then we can add the portfilter to it:
--> firewall add portfilter pf1 ext-dmz protocol 2 inbound
Example 2 - specifying a TCP/UDP protocol
The following example allows DNS (Domain Name Service) outbound packets from the
internal interface to the external interface. DNS uses UDP port 53 (see
http://www.ietf.org/rfc/rfc1700.txt).
First, we need to create a policy:
--> firewall add policy ext-int external-internal
Then we can add the portfilter to it:
--> firewall add portfilter pf2 ext-int udp 53 53 outbound
Example 3 - using a provided protocol, application or service
Option | Description | Default Value
name | An arbitrary name that identifies the portfilter. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
policyname | An existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
protocol
startport
endport
inbound
outbound
both
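The three syntax forms of FIREWALL ADD PORTFILTER each validate different things, and a provisioning script that emits the wrong form is rejected by the CLI. As an added example, not Allied Telesis code, the Python helper below checks a rule against the constraints this section states (name format from the options table, an existing policy, a valid direction, a non-TCP/UDP protocol for the first form, a known service keyword for the third) and returns the exact command line for the device. Two things are this example's assumptions rather than the manual's: that ports lie in 0-65535, and that the first form may be given a protocol name from the firewall list protocol table, which the helper translates to its number.

```python
import re

# Protocol numbers as printed by "firewall list protocol" in this manual (from
# RFC 1700); lets a rule name the protocol instead of quoting its number.
PROTOCOL_NUMBERS = {
    "ICMP": 1, "IGMP": 2, "GGP": 3, "IP": 4, "TCP": 6, "EGP": 8, "IGP": 9,
    "UDP": 17, "RSVP": 46, "GRE": 47, "OSPFIGP": 89, "MTP": 92, "IPIP": 94,
}
# Keywords accepted by the third syntax form of FIREWALL ADD PORTFILTER.
NAMED_SERVICES = {"icmp", "smtp", "http", "ftp", "telnet"}
DIRECTIONS = {"inbound", "outbound", "both"}
# From the options table: letters, or letters and digits, not starting with a digit.
_NAME_RE = re.compile(r"[A-Za-z][A-Za-z0-9]*")


class PortFilterBuilder:
    """Validates portfilter rules and emits the CLI lines that apply them.

    Each method returns one "firewall add portfilter ..." line and raises
    ValueError instead of producing a line the device would reject."""

    def __init__(self, policies):
        # Policy names as shown by "firewall list policies".
        self.policies = set(policies)
        self.names = set()

    def _check_common(self, name, policyname, direction):
        if not _NAME_RE.fullmatch(name):
            raise ValueError(f"bad portfilter name {name!r}")
        if name in self.names:
            raise ValueError(f"portfilter {name!r} already defined")
        if policyname not in self.policies:
            raise ValueError(f"no such policy {policyname!r}; create it with firewall add policy")
        if direction.lower() not in DIRECTIONS:
            raise ValueError(f"direction must be one of {sorted(DIRECTIONS)}")

    def by_protocol(self, name, policyname, protocol, direction):
        """Form 1: a non-TCP, non-UDP protocol given by number or by its RFC 1700 name."""
        self._check_common(name, policyname, direction)
        text = str(protocol)
        number = int(text) if text.isdigit() else PROTOCOL_NUMBERS.get(text.upper())
        if number is None or not 0 <= number <= 255:   # the IP protocol field is 8 bits
            raise ValueError(f"unknown protocol {protocol!r}")
        if number in (PROTOCOL_NUMBERS["TCP"], PROTOCOL_NUMBERS["UDP"]):
            raise ValueError("TCP and UDP filters need a port range; use by_ports()")
        self.names.add(name)
        return f"firewall add portfilter {name} {policyname} protocol {number} {direction.lower()}"

    def by_ports(self, name, policyname, transport, startport, endport, direction):
        """Form 2: TCP or UDP plus an inclusive port range."""
        self._check_common(name, policyname, direction)
        if transport.lower() not in ("tcp", "udp"):
            raise ValueError("transport must be tcp or udp")
        # The accepted port range is an assumption; the manual does not state it.
        if not (0 <= startport <= endport <= 65535):
            raise ValueError(f"bad port range {startport}-{endport}")
        self.names.add(name)
        return (f"firewall add portfilter {name} {policyname} {transport.lower()} "
                f"{startport} {endport} {direction.lower()}")

    def by_service(self, name, policyname, service, direction):
        """Form 3: a service keyword whose ports the firewall fills in itself."""
        self._check_common(name, policyname, direction)
        if service.lower() not in NAMED_SERVICES:
            raise ValueError(f"service must be one of {sorted(NAMED_SERVICES)}")
        self.names.add(name)
        return f"firewall add portfilter {name} {policyname} {service.lower()} {direction.lower()}"


if __name__ == "__main__":
    builder = PortFilterBuilder(["ext-dmz", "ext-int"])   # the policies from the examples above
    print(builder.by_protocol("pf1", "ext-dmz", "IGMP", "inbound"))
    print(builder.by_ports("pf2", "ext-int", "udp", 53, 53, "outbound"))
    print(builder.by_service("pf3", "ext-int", "http", "outbound"))
```

Generating the lines this way keeps the policy-first ordering the examples rely on (a portfilter can only be attached to a policy that already exists) and turns a mistyped direction or an inverted port range into a script error rather than a rule that quietly does something other than intended.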
