ZyXEL Communications 4.04 User Manual
Chapter 10 Configuration Commands
ZyWALL (ZyNOS) CLI Reference Guide
10.3 Command Examples
10.3.1 Firewall Example
Type the following commands to set up a firewall rule in the WAN to WAN direction, with source
IP = 1.1.1.1 and destination IP = 2.2.2.2. The configured service is SSH (TCP:22), logging is
enabled, and the default action taken when a packet matches a rule is to permit the packet.
Save your settings and then display them for checking.
Table 28 config Default Values
VARIABLE                                      DEFAULT VALUE
firewall attack tcp-mac-incomplete <0~255>    30
firewall e-mail policy                        none
icmp-timeout                                  60 seconds
tcp-idle-timeout                              3600 seconds
udp-idle-timeout                              60 seconds
config insert firewall set 8 rule 1
config edit firewall set 8 rule 1 srcaddr-single 1.1.1.1
config edit firewall set 8 rule 1 destaddr-single 2.2.2.2
config edit firewall set 8 rule 1 tcp destport-single 22
config edit firewall set 8 rule 1 log match
config edit firewall set 8 rule 1 action permit
config edit firewall set 8 rule 1 name SSH
ras> config display firewall set 8
ACL set number: 8(WAN1 to WAN1/ZyWALL)
ACL set name: Cmz-Rules
ACL set number of rules: 1
ACL set default action: drop
ACL pnc enable: no
ACL log enable: no
ACL logone enable: no
ACL set timeout values:
ICMP idle timeout (s): 60
UDP idle timeout (s): 60
TCP connection timeout (s): 30
TCP FIN-wait timeout (s): 60
TCP idle timeout (s): 3600
Free space remaining in ACL buffer: 161160
ras> config display firewall set 8 rule 1
ACL rule number: 1
ACL rule active: yes
ACL rule action: permit
ACL rule protocol:
ACL rule log: match
ACL rule alert: no
Source Single IP address: 1.1.1.1
Destination Single IP address: 2.2.2.2
TCP destination port number(s): 22
ACL rule name: SSH
ras> config save firewall
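
The display step above is a manual check. As an added example (not part of the ZyXEL manual), the Python below parses the "label: value" lines of that display output and compares them with the intended rule, so drift in action, addresses, port or logging is reported. The function names and the EXPECTED table are hypothetical; the sample text is copied from the output shown on this page.

```python
# Added example: audit ZyNOS "config display firewall" output against intent.
# SAMPLE is taken from the display output on this page; EXPECTED, parse_display
# and audit are hypothetical names introduced for this illustration.
SAMPLE = """\
ras> config display firewall set 8
ACL set number: 8(WAN1 to WAN1/ZyWALL)
ACL set default action: drop
ras> config display firewall set 8 rule 1
ACL rule number: 1
ACL rule active: yes
ACL rule action: permit
ACL rule protocol:
ACL rule log: match
Source Single IP address: 1.1.1.1
Destination Single IP address: 2.2.2.2
TCP destination port number(s): 22
ACL rule name: SSH
"""

# Intended state: the set drops by default, rule 1 is a narrow logged permit.
EXPECTED = {
    "ACL set default action": "drop",
    "ACL rule active": "yes",
    "ACL rule action": "permit",
    "ACL rule log": "match",
    "Source Single IP address": "1.1.1.1",
    "Destination Single IP address": "2.2.2.2",
    "TCP destination port number(s)": "22",
}

def parse_display(text):
    """Return {label: value} for each 'label: value' line, skipping prompts."""
    fields = {}
    for line in text.splitlines():
        line = line.strip()
        if not line or line.startswith("ras>"):
            continue  # blank line or echoed command, not device output
        label, sep, value = line.partition(":")
        if sep:
            fields[label.strip()] = value.strip()
    return fields

def audit(text, expected=EXPECTED):
    """List every expected field that is missing or differs in the output."""
    fields = parse_display(text)
    return [f"{label}: expected {want!r}, got {fields.get(label)!r}"
            for label, want in expected.items() if fields.get(label) != want]

if __name__ == "__main__":
    print(audit(SAMPLE) or "rule matches intended policy")
```
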