ZyXEL Communications 3.1 Security Camera User Manual


 
Chapter 16 Firewall
ZyWALL (ZLD) CLI Reference Guide
16.2.1 Firewall Sub-Commands
The following table describes the sub-commands for several firewall and firewall6 commands.
Table 67 firewall Sub-commands
COMMAND
    DESCRIPTION

action {allow|deny|reject}
    Sets the action the ZyWALL takes when packets match this rule.

[no] activate
    Enables a firewall rule. The no command disables the firewall rule.

[no] ctmatch {dnat | snat}
    Use dnat to block packets sent from a computer on the ZyWALL’s WAN network from being forwarded to an internal network according to a virtual server rule.
    Use snat to block packets sent from a computer on the ZyWALL’s internal network from being forwarded to the WAN network according to a 1:1 NAT or Many 1:1 NAT rule.
    The no command forwards the matched packets.

[no] description description
    Sets a descriptive name (up to 60 printable ASCII characters) for a firewall rule. The no command removes the descriptive name from the rule.

[no] destinationip address_object
    Sets the destination IP address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses.

[no] destinationip6 address_object
    Sets the destination IPv6 address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses.

[no] from zone_object
    Sets the zone on which the packets are received. The no command removes the zone on which the packets are received and resets it to the default (any) meaning all interfaces or VPN tunnels.

[no] log [alert]
    Sets the ZyWALL to create a log (and optionally an alert) when packets match this rule. The no command sets the ZyWALL not to create a log or alert when packets match this rule.

[no] schedule schedule_object
    Sets the schedule that the rule uses. The no command removes the schedule settings from the rule.

[no] service service_name
    Sets the service to which the rule applies. The no command resets the service settings to the default (any). any means all services.

[no] sourceip address_object
    Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses.

[no] sourceip6 address_object
    Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses.

[no] sourceport {tcp|udp} {eq <1..65535>|range <1..65535> <1..65535>}
    Sets the source port for a firewall rule. The no command removes the source port from the rule.
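
The following Python script is an added example, not part of the ZyXEL guide. It audits one rule's sub-command lines against the table above: allow rules left entirely at the any defaults, allow rules with no log line, descriptions outside the 60 printable ASCII character limit, and sourceport values outside the documented syntax. Assumptions: the lines are supplied as plain text in the forms listed above, the object names in the samples are constructed, and a rule with no log line is treated as unlogged because the table does not state the default.

```python
import re

# Fields whose "no" form resets to the default (any), per the table.
ANY_FIELDS = ("from", "sourceip", "sourceip6", "destinationip", "destinationip6", "service")

def parse_rule(lines):
    """Fold one rule's sub-command lines into a dict; later lines win."""
    rule = dict.fromkeys(ANY_FIELDS, "any")
    rule.update(action=None, log=None, description="", sourceport=None)
    for raw in lines:
        words = raw.split()
        negate = words[0] == "no"
        key, args = (words[1], words[2:]) if negate else (words[0], words[1:])
        if key in ANY_FIELDS:
            rule[key] = "any" if negate else args[0]
        elif key == "action":
            rule[key] = args[0]
        elif key == "log":
            rule[key] = None if negate else " ".join(["log"] + args)
        elif key == "description":
            rule[key] = "" if negate else " ".join(args)
        elif key == "sourceport":
            rule[key] = None if negate else (args[0], args[1], [int(a) for a in args[2:]])
        # activate, ctmatch and schedule do not affect these checks and are skipped
    return rule

def audit(rule):
    findings = []
    if rule["action"] not in ("allow", "deny", "reject"):
        findings.append("action missing or invalid")
    if rule["action"] == "allow":
        if all(rule[k] == "any" for k in ANY_FIELDS):
            findings.append("allow rule leaves zone, addresses and service at any")
        if rule["log"] is None:  # assumption: no log line means no logging
            findings.append("allow rule has no log line")
    if len(rule["description"]) > 60 or re.search(r"[^\x20-\x7e]", rule["description"]):
        findings.append("description is not 60 or fewer printable ASCII characters")
    if rule["sourceport"]:
        proto, op, ports = rule["sourceport"]
        if not (proto in ("tcp", "udp") and (op, len(ports)) in (("eq", 1), ("range", 2))
                and all(1 <= p <= 65535 for p in ports)):
            findings.append("sourceport outside the documented syntax")
    return findings

# Constructed sample rules; zone, address and service object names are made up.
TIGHT = ["from WAN", "sourceip PARTNER_NET", "destinationip WEB_SRV", "service HTTPS",
         "action allow", "log alert", "description Partner access to web server", "activate"]
LOOSE = ["from WAN", "no from", "sourceport tcp eq 70000", "action allow", "activate"]
```

audit(parse_rule(TIGHT)) returns an empty list, while LOOSE produces three findings because "no from" resets the zone to any, no log line is present, and 70000 is outside <1..65535>.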