ZyXEL Communications 3.1 User Manual
Chapter 16 Firewall
ZyWALL (ZLD) CLI Reference Guide
139
The following command displays the default IPv6 firewall rule that applies to the WAN to ZyWALL
packet direction. The firewall rule number is in the rule’s priority number in the global rule list.
packet direction. The firewall rule number is in the rule’s priority number in the global rule list.
16.3 Session Limit Commands
The following table identifies the values required for many of these commands. Other input values
are discussed with the corresponding commands.
are discussed with the corresponding commands.
The following table describes the session-limit commands. You must use the
configure
terminal
command to enter the configuration mode before you can use these commands.
Router(config)# show firewall6 WAN ZyWALL
firewall rule: 13
description:
user: any, schedule: none
from: WAN, to: ZyWALL
source IP: any, source port: any
destination IP: any, service: Default_Allow_v6_WAN_To_ZyWALL
log: no, action: allow, status: yes
Table 68
Input Values for General Session Limit Commands
LABEL
DESCRIPTION
rule_number
The priority number of a session limit rule, 1 - 1000.
address_object
The name of the IP address (group) object. You may use 1-31 alphanumeric
characters, underscores (
characters, underscores (
_
), or dashes (-), but the first character cannot be a
number. This value is case-sensitive.
address6_object
The name of the IPv6 address (group) object. You may use 1-31 alphanumeric
characters, underscores(
characters, underscores(
_
), or dashes (-), but the first character cannot be a
number. This value is case-sensitive.
user_name
The name of a user (group). You may use 1-31 alphanumeric characters, underscores
(
(
_
), or dashes (-), but the first character cannot be a number. This value is case-
sensitive.
Table 69
Command Summary: Session Limit
COMMAND
DESCRIPTION
[no] session-limit activate
Turns the session-limit feature on or off.
session-limit limit <0..8192>
Sets the default number of concurrent NAT/firewall sessions per host.
session-limit rule_number
Enters the session-limit sub-command mode to set a session-limit rule.
[no] activate
Enables the session-limit rule. The
no
command disables the session
limit rule.
[no] address address_object
Sets the source IP address. The
no
command sets this to
any
, which
means all IP addresses.
[no] description description
Sets a descriptive name (up to 64 printable ASCII characters) for a
session-limit rule. The
session-limit rule. The
no
command removes the descriptive name
from the rule.
exit
Quits the sub-command mode.
[no] limit <0..8192>
Sets the limit for the number of concurrent NAT/firewall sessions this
rule’s users or addresses can have. 0 means any.
rule’s users or addresses can have. 0 means any.
[no] user user_name
Sets a session-limit rule for the specified user. The
no
command resets
the user name to the default (
any
).
any
means all users.