Firewall command reference
Firewall
4-119
iMG/RG Software Reference Manual (IPNetwork Functions)
The following example allows SMTP (Simple Mail Transfer Protocol) packets inbound and outbound between the internal interface and the DMZ interface. This is a popular protocol that is provided by the Firewall. You do not need to specify the port number - the Firewall does this for you.
First, we need to create a policy:
--> firewall add policy dmz-int dmz-internal
Then we can add the portfilter to it:
--> firewall add portfilter pf3 dmz-int smtp both
See also
FIREWALL LIST POLICIES
FIREWALL LIST PROTOCOL
See the Well Known Port Numbers section of RFC 1700 for a list of port numbers and protocols for particular services (see ).
4.3.2.0.13 FIREWALL SET PORTFILTER
Syntax
firewall set portfilter <name> <policyname> {srcaddr <IPaddress><Mask>} {dstaddr <IPaddress><Mask>}
firewall set portfilter <name> <policyname> {srcport <startport><endport>} {dstport <startport><endport>}
firewall set portfilter <name> <policyname> {Protocol <protocol>}
firewall set portfilter <name> <policyname> {direction <inbound | outbound | both>}
firewall set portfilter <name> <policyname> {ENABLE | disabled}
firewall set portfilter <name> <policyname> {ALLOW | DENY}
Description
This command sets all the attributes of each portfilter object created in the system. The
attributes of portfilters are:
permission status (allow or deny)
source and destination address
source and destination port
protocol
direction
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable).
Option | Description | Default Value
-------------------------------------------
name | An arbitrary name that identifies the portfilter. It can be made up of one or more letters or a combination of letters and digits, but it cannot start with a digit. | N/A
policyname | An existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
IPaddress | The source and destination IP address. The IP address is displayed in the following format: 192.168.102.3 | N/A
Mask | The IP Mask address. | N/A
protocol | The number of a non-TCP or non-UDP protocol. Protocol numbers can be found at | N/A
startport | The start of the port range for a TCP or UDP protocol. | N/A
endport | The end of the port range for a TCP or UDP protocol. | N/A
inbound | Allows transport of packets of the specified protocol, application or service from an outside interface to an inside one. Outbound transport of the packets is not allowed. | N/A
outbound | Allows transport of packets of the specified protocol, application or service from an inside interface to an outside interface. Inbound transport of the packets is not allowed. | N/A
both | Allows inbound and outbound transport of packets of the specified protocol, application or service between inside and outside interfaces. | N/A
enable | It enables the changes done to the attributes. | N/A
disable | It disables the changes done to the attributes. | N/A
allow | Set the permission status of portfilter to allow | N/A
deny | Set the permission status of portfilter to deny |
-------------------------------------------
4.3.2.0.14 FIREWALL CLEAR PORTFILTERS
Syntax
FIREWALL CLEAR PORTFILTERS <policyname>
Description
This command deletes all portfilters that were added to an existing firewall policy using the firewall add portfilter command.
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable).
Option | Description | Default Value
-------------------------------------------
policyname | An existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
-------------------------------------------
Example
--> firewall clear portfilters ext-int
See also
FIREWALL DELETE PORTFILTER
FIREWALL LIST POLICIES
4.3.2.0.15 FIREWALL DELETE PORTFILTER
Syntax
FIREWALL DELETE PORTFILTER <name> <policyname>
Description
This command deletes a single portfilter that was added to a firewall policy using the firewall add portfilter command.
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable).
Option | Description | Default Value
-------------------------------------------
name | An existing portfilter. To display portfilter names, use the FIREWALL LIST PORTFILTERS command. | N/A
policyname | An existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
-------------------------------------------
Example
--> firewall delete portfilter pf3 ext-int
See also
FIREWALL LIST POLICIES
FIREWALL LIST PORTFILTERS
FIREWALL CLEAR PORTFILTERS
4.3.2.0.16 FIREWALL LIST PORTFILTERS
Syntax
FIREWALL LIST PORTFILTERS <policyname>
Description
This command lists portfilters that were added to a firewall policy using the firewall add portfilter command. It displays the following information:
Portfilter ID number
Portfilter name
Type - port number range or specified port number
Port range used by the specified TCP or UDP protocol (e.g., 53 for DNS, 25 for SMTP). For non-TCP/UDP protocols, the port range is set to 0-0.
In - displays the inbound permission setting (true or false)
Out - displays the outbound permission setting (true or false)
Raw - displays whether the portfilter uses a non-TCP/UDP protocol (true or false)
TCP - displays whether the portfilter uses a TCP protocol (true or false)
UDP - displays whether the portfilter uses a UDP protocol (true or false)
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable).
Option | Description | Default Value
-------------------------------------------
policyname | An existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
-------------------------------------------
Example
--> firewall list portfilters ext-int
Firewall Port Filters:
ID | Name | Prot | Status  | allow
-------------------------------------------
1  | pf2  | TCP  | enabled | true
2  | pf3  | UDP  | enabled | true
3  | pf4  | 92   | disabled| false
-------------------------------------------
See also
FIREWALL LIST POLICIES
FIREWALL LIST PROTOCOL
FIREWALL SHOW PORTFILTER
For a list of the port numbers and/or numbers assigned to protocols, see .
4.3.2.0.17 FIREWALL SHOW PORTFILTER
Syntax
FIREWALL SHOW PORTFILTER <name> <policyname>
Description
This command displays information about a single portfilter that was added to a firewall policy using the firewall policy add portfilter command. The following portfilter information is displayed:
Portfilter name
Transport type used by the protocol (e.g., 6 for SMTP)
Start of the port range
End of the port range
Inbound permission (true or false)
Outbound permission (true or false)
Raw IP - whether the portfilter uses a non-TCP/UDP protocol (true or false)
TCP permission - whether the portfilter uses a TCP protocol (true or false)
UDP permission - whether the portfilter uses a UDP protocol (true or false)
Options
The following table gives the range of values for each option that can be specified with this command and a Default Value (if applicable).
Option | Description | Default Value
-------------------------------------------
name | An existing portfilter. To display portfilter names, use the FIREWALL LIST PORTFILTERS command. | N/A
policyname | An existing firewall policy. To display policy names, use the FIREWALL LIST POLICIES command. | N/A
-------------------------------------------
Example
--> firewall show portfilter pf3 ext-int
Firewall Port Filter: pf3
Source IP range start : 0.0.0.0
Source IP range end : 255.255.255.255
Destination IP range start : 0.0.0.0
Destination IP range end : 255.255.255.255
IP protocol : TCP
Source port number start : 0
Source port number end : 65535
Destination port number start : 25
Destination port number end : 25
Inbound permission : true
Outbound permission : true
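The FIREWALL SHOW PORTFILTER output for pf3 can be reviewed mechanically when many portfilters have to be checked. The Python code below is an added example, not part of the manual or the device software: it parses the "field : value" lines shown in the pf3 example and reports settings that deserve a second look. The review rules, the function names and the max_ports threshold are assumptions chosen for illustration.

```python
import ipaddress

# Output copied from the manual's "firewall show portfilter pf3 ext-int" example.
SAMPLE = """\
Firewall Port Filter: pf3
Source IP range start : 0.0.0.0
Source IP range end : 255.255.255.255
Destination IP range start : 0.0.0.0
Destination IP range end : 255.255.255.255
IP protocol : TCP
Source port number start : 0
Source port number end : 65535
Destination port number start : 25
Destination port number end : 25
Inbound permission : true
Outbound permission : true
"""

def parse_portfilter(text):
    """Turn the 'field : value' lines of the show output into a dict."""
    fields = {}
    for line in text.splitlines():
        key, sep, value = line.partition(":")
        if sep and value.strip():
            fields[key.strip().lower()] = value.strip()
    return fields

def is_any_address(fields, side):
    # True when the range spans the whole IPv4 space (0.0.0.0-255.255.255.255).
    lo = ipaddress.ip_address(fields[f"{side} ip range start"])
    hi = ipaddress.ip_address(fields[f"{side} ip range end"])
    return int(lo) == 0 and int(hi) == 2**32 - 1

def audit_portfilter(text, max_ports=16):
    """Return (name, findings) for one portfilter; rules are illustrative."""
    f = parse_portfilter(text)
    findings = []
    for side in ("source", "destination"):
        if is_any_address(f, side):
            findings.append(f"{side} address range is unrestricted")
    span = (int(f["destination port number end"])
            - int(f["destination port number start"]) + 1)
    if span > max_ports:
        findings.append(f"destination port range covers {span} ports")
    if f["inbound permission"] == f["outbound permission"] == "true":
        findings.append("permitted in both directions")
    return f["firewall port filter"], findings
```

For pf3 as shown, the findings are the unrestricted source and destination ranges and the two-way permission; narrowing the addresses with FIREWALL SET PORTFILTER srcaddr/dstaddr removes the first two.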
