Enterasys Networks XSR CLI Benutzerhandbuch

Firewall Interface Commands

XSR CLI Reference Guide 16-129

Examples

The following examples configure valid inputs:

ip firewall url-load-black-list blacklist.txt
ip firewall url-load-black-list flash:blacklist.txt
ip firewall url-load-white-list cflash:whitelist.txt

Firewall Interface Commands

ip firewall disable

This command disables firewall operation on a particular interface discrete from its application
globally. The command behaves separately and interactively at Global and Interface modes as
follows:

•

The system‐level firewall is disabled by default.

•

The interface‐level firewall is enabled by default unless explicitly disabled.

•

If the firewall is enabled, packet inspection will occur on all interfaces that have the firewall
enabled at the interface level.

•

A particular interface may be enabled but subsequently disabling the firewall globally
overrides all enabled interfaces

•

If you enable the firewall globally, all interfaces will be enabled until you subsequently disable
a particular interface

•

Enable

displays in

running-config

, but not

disable

•

Even if you have not configured the firewall, entering

ip firewall enable

will turn on

packet inspection.

Syntax

ip firewall disable

Syntax of the “no” Form

The no form of this command enables the firewall on a selected interface:

no ip firewall disable

Default

Enabled

Mode

Interface configuration:

XSR(config-if<xx>)#

Note: With the firewall enabled, source address validation (HostDoS checkspoof) is also enabled.
This service can improve security in some situations but erroneously discard valid packets in
situations where inbound and outbound paths differ as well as negatively impact some routing
protocols.