Cisco Cisco ASR 5700
ACS Rulebase Configuration Mode Commands
▀ firewall priority
▄ Command Line Interface Reference, StarOS Release 17
710
firewall priority
This command allows you to add and specify the priority and type of a Stateful Firewall ruledef in the current rulebase,
and allows you to configure a single or range of ports to be allowed on the server for auxiliary/data connections.
and allows you to configure a single or range of ports to be allowed on the server for auxiliary/data connections.
Important:
In StarOS 8.1 and StarOS 9.0 and later releases, for Policy-based Firewall-and-NAT configuration,
use the
access-rule priority
command available in the Firewall-and-NAT Policy Configuration Mode.
Product
PSF
NAT
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Rulebase Configuration
active-charging service service_name > rulebase rulebase_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-rule-base)#
Syntax
firewall priority priority [ dynamic-only | static-and-dynamic ] firewall-ruledef
firewall_ruledef_name { { deny [ charging-action charging_action_name ] } | { permit [
nat-realm nat_realm_name | [ trigger open-port { aux_port_number | range
start_port_number to end_port_number } direction { both | reverse | same } ] ] } }
firewall_ruledef_name { { deny [ charging-action charging_action_name ] } | { permit [
nat-realm nat_realm_name | [ trigger open-port { aux_port_number | range
start_port_number to end_port_number } direction { both | reverse | same } ] ] } }
no firewall priority priority
no
If previously configured, deletes the specified Stateful Firewall ruledef priority configuration from the current
rulebase.
rulebase.
priority
Specifies the Stateful Firewall ruledef’s priority in the current rulebase.
priority
must be a unique value in the current rulebase, and must be an integer from 1 through 65535.
[ dynamic-only | static-and-dynamic ] firewall-ruledef firewall_ruledef_name
Specifies the Stateful Firewall ruledef to add to the rulebase. Optionally, the Stateful Firewall ruledef type
can be specified.
can be specified.
dynamic-only
: Firewall Dynamic Ruledef—Predefined ruledef that can be enabled/disabled by the
policy server, and is disabled by default.
static-and-dynamic
: Firewall Static and Dynamic Ruledef—Predefined ruledef that can be
disabled/enabled by the policy server, and is enabled by default.
firewall_ruledef_name
must be the name of a Stateful Firewall ruledef, and must be an
alphanumeric string of 1 through 63 characters.