ZyXEL Communications 3.1 User Manual

Chapter 16 Firewall
ZyWALL (ZLD) CLI Reference Guide
Table 67   firewall Sub-commands (continued)

COMMAND                         DESCRIPTION
[no] to {zone_object|ZyWALL}    Sets the zone to which the packets are sent. The no command removes the zone to which the packets are sent and resets it to the default (any). any means all interfaces or VPN tunnels.
[no] user user_name             Sets a user-aware firewall rule. The rule is activated only when the specified user logs into the system. The no command resets the user name to the default (any). any means all users.

16.2.2  Firewall Command Examples

These are IPv4 firewall configuration examples. The IPv6 firewall commands are similar.

The following example shows you how to add an IPv4 firewall rule to allow a MyService connection from the WAN zone to the IP addresses Dest_1 in the LAN zone.

• Enter configuration command mode.
• Create an IP address object.
• Create a service object.
• Enter the firewall sub-command mode to add a firewall rule.
• Set the direction of travel of packets to which the rule applies.
• Set the destination IP address(es).
• Set the service to which this rule applies.
• Set the action the ZyWALL is to take on packets which match this rule.

Router# configure terminal
Router(config)# service-object MyService tcp eq 1234
Router(config)# address-object Dest_1 10.0.0.10-10.0.0.15
Router(config)# firewall insert 3
Router(firewall)# from WAN
Router(firewall)# to LAN
Router(firewall)# destinationip Dest_1
Router(firewall)# service MyService
Router(firewall)# action allow

The following command displays the default IPv4 firewall rule that applies to the WAN to ZyWALL packet direction. The firewall rule number is the rule’s priority number in the global rule list.

Router(config)# show firewall WAN ZyWALL
firewall rule: 13
  description:
  user: any, schedule: none
  from: WAN, to: ZyWALL
  source IP: any, source port: any
  destination IP: any, service: Default_Allow_WAN_To_ZyWALL
  log: no, action: allow, status: yes
  connection match: no
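
The rule listing printed by show firewall can be reviewed offline. The following Python script is an added example, not part of the ZyXEL guide: it parses that listing and flags enabled allow rules from WAN. The three review checks and the second sample entry (the MyService rule, assumed to print in the same layout) are this example's own assumptions.

```python
import re

# Listing from "show firewall WAN ZyWALL" on this page, plus a constructed
# entry (assumed to use the same layout) for the MyService example rule.
SAMPLE = """\
firewall rule: 13
  description:
  user: any, schedule: none
  from: WAN, to: ZyWALL
  source IP: any, source port: any
  destination IP: any, service: Default_Allow_WAN_To_ZyWALL
  log: no, action: allow, status: yes
  connection match: no
firewall rule: 3
  description:
  user: any, schedule: none
  from: WAN, to: LAN
  source IP: any, source port: any
  destination IP: Dest_1, service: MyService
  log: no, action: allow, status: yes
  connection match: no
"""

def parse_rules(text):
    """Return one dict per rule, keyed by the field names in the listing."""
    rules = []
    for line in filter(None, map(str.strip, text.splitlines())):
        # Each line holds one or more "key: value" pairs separated by ", ".
        for pair in re.split(r",\s+(?=[A-Za-z ]+:)", line):
            key, _, value = (part.strip() for part in pair.partition(":"))
            if key == "firewall rule":
                rules.append({"rule": int(value)})
            elif rules:
                rules[-1][key] = value
    return rules

def audit(rules):
    """Return (rule number, finding) pairs for enabled allow rules from WAN."""
    checks = [("source IP", "any", "accepts any source address"),
              ("log", "no", "allowed traffic is not logged"),
              ("to", "ZyWALL", "reaches the ZyWALL itself")]
    return [(r["rule"], msg) for r in rules
            if (r.get("from"), r.get("action"), r.get("status")) == ("WAN", "allow", "yes")
            for field, bad, msg in checks if r.get(field) == bad]

if __name__ == "__main__":
    for number, finding in audit(parse_rules(SAMPLE)):
        print(f"rule {number}: {finding}")
```

Rules that are disabled (status: no), deny traffic, or originate from a zone other than WAN are skipped by the audit.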