Cisco Packet Data Gateway (PDG) Maintenance Manual

Configuration Management
Generally Available    06-30-2010 
firewall no-ruledef-matches
This command configures the default action for packets with no Firewall ruledef matches.
CLI (ACS Configuration Mode)
firewall no-ruledef-matches { downlink | uplink } action { deny [ charging-action charging_action ] | permit }
default firewall no-ruledef-matches { downlink | uplink } action
Web Element Manager Path
This functionality is not supported at this time on the Web Element Manager.
firewall policy
This command enables/disables Stateful Firewall support for all subscribers using the 
current rulebase. In 8.0, this configuration was present in the Subscriber/APN mode.
CLI (Rulebase Configuration Mode)
firewall policy firewall-required
{ default | no } firewall policy
Web Element Manager Path
This functionality is not supported at this time on the Web Element Manager.
firewall port-scan
This command configures port-scan detection parameters.
CLI (ACS Configuration Mode)
firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } percentage | inactivity-timeout inactivity_timeout | protocol { tcp | udp } response-timeout response_timeout | scanner-policy { block inactivity-timeout inactivity_timeout | log-only } }
default firewall port-scan { connection-attempt-success-percentage { non-scanner | scanner } | inactivity-timeout | protocol { tcp | udp } response-timeout | scanner-policy }
Web Element Manager Path
This functionality is not supported at this time on the Web Element Manager.
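An added example, not from the Cisco manual: a small Python check that reads a saved configuration and flags the settings from the three commands above that loosen the firewall. It assumes that permit, log-only and no firewall policy behave as their keywords suggest; the sample configuration is constructed.

```python
import re

# Patterns follow the command syntax documented on this page.
UNMATCHED = re.compile(
    r"(default )?firewall no-ruledef-matches (downlink|uplink) action(?: (deny|permit))?\b")
SCANNER = re.compile(r"firewall port-scan scanner-policy (block|log-only)")

# Constructed sample, not taken from the manual or from a real device.
SAMPLE_CONFIG = """\
firewall no-ruledef-matches uplink action permit
firewall no-ruledef-matches downlink action permit
firewall no-ruledef-matches downlink action deny
firewall port-scan scanner-policy log-only
no firewall policy
"""

def audit(config_text):
    """Return sorted (line_number, finding) pairs; line 0 means 'never configured'."""
    unmatched, scanner, findings = {}, None, []
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = " ".join(raw.split())  # collapse indentation and runs of spaces
        m = UNMATCHED.match(line)
        if m:
            reset, direction, action = m.groups()
            # A later line replaces an earlier one; "default ..." drops the explicit setting.
            unmatched[direction] = None if reset else (n, action)
        elif (s := SCANNER.match(line)):
            scanner = (n, s.group(1))
        elif line == "no firewall policy":
            # Assumption: the "no" form disables Stateful Firewall for the rulebase.
            findings.append((n, "stateful firewall disabled for this rulebase"))
    for direction in ("downlink", "uplink"):
        entry = unmatched.get(direction)
        if entry is None:
            findings.append((0, f"{direction}: no explicit no-match action, default applies"))
        elif entry[1] == "permit":
            findings.append((entry[0], f"{direction}: packets matching no ruledef are permitted"))
    if scanner and scanner[1] == "log-only":
        findings.append((scanner[0], "port scanners are logged but not blocked"))
    return sorted(findings)

if __name__ == "__main__":
    for line_no, finding in audit(SAMPLE_CONFIG):
        print(f"line {line_no}: {finding}")
```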
firewall priority
This command adds a firewall rule definition to the rulebase and specifies its priority and 
type, and allows you to configure a single port or a range of ports to be allowed on the 
server for auxiliary/data connections.
CLI (Rulebase Configuration Mode)
firewall priority priority [ dynamic-only | static-and-dynamic ] firewall-ruledef ruledef_name { { permit [ trigger open-port { aux_port_number | range start_port_number to end_port_number } direction { both | reverse | same } ] } | { deny [ charging-action charging_action ] } }
no firewall priority priority