ZyXEL Communications 3.1 User's Manual

 Chapter 16 Firewall
ZyWALL (ZLD) CLI Reference Guide
16.2.1  Firewall Sub-Commands
The following table describes the sub-commands for several firewall and firewall6 commands.
Table 67   firewall Sub-commands

COMMAND
  DESCRIPTION

action {allow|deny|reject}
  Sets the action the ZyWALL takes when packets match this rule.

[no] activate
  Enables a firewall rule. The no command disables the firewall rule.

[no] ctmatch {dnat | snat}
  Use dnat to block packets sent from a computer on the ZyWALL’s WAN network from being forwarded to an internal network according to a virtual server rule.
  Use snat to block packets sent from a computer on the ZyWALL’s internal network from being forwarded to the WAN network according to a 1:1 NAT or Many 1:1 NAT rule.
  The no command forwards the matched packets.

[no] description description
  Sets a descriptive name (up to 60 printable ASCII characters) for a firewall rule. The no command removes the descriptive name from the rule.

[no] destinationip address_object
  Sets the destination IP address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses.

[no] destinationip6 address_object
  Sets the destination IPv6 address. The no command resets the destination IP address(es) to the default (any). any means all IP addresses.

[no] from zone_object
  Sets the zone on which the packets are received. The no command removes the zone on which the packets are received and resets it to the default (any) meaning all interfaces or VPN tunnels.

[no] log [alert]
  Sets the ZyWALL to create a log (and optionally an alert) when packets match this rule. The no command sets the ZyWALL not to create a log or alert when packets match this rule.

[no] schedule schedule_object
  Sets the schedule that the rule uses. The no command removes the schedule settings from the rule.

[no] service service_name
  Sets the service to which the rule applies. The no command resets the service settings to the default (any). any means all services.

[no] sourceip address_object
  Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses.

[no] sourceip6 address_object
  Sets the source IP address(es). The no command resets the source IP address(es) to the default (any). any means all IP addresses.

[no] sourceport {tcp|udp} {eq <1..65535>|range <1..65535> <1..65535>}
  Sets the source port for a firewall rule. The no command removes the source port from the rule.
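
The defaults in this table matter when reviewing a rule: the no form of from, sourceip, destinationip or service widens the rule back to any. The following Python code is an added example, not from the ZyXEL manual; it folds the sub-command lines entered for one rule into its effective settings and flags broad allow rules and unlogged blocks. The review criteria, the treatment of a rule as disabled until activate appears, and the sample object names are assumptions.

```python
# Added example, not ZyXEL code. Review criteria are illustrative assumptions.
DEFAULTS = {"from": "any", "sourceip": "any", "sourceip6": "any",
            "destinationip": "any", "destinationip6": "any", "service": "any"}
OTHER = {"action", "activate", "ctmatch", "description", "log",
         "schedule", "sourceport"}

def parse_rule(lines):
    """Fold Table 67 sub-command lines into one rule's effective settings."""
    # Assumption: a rule is treated as disabled until "activate" is seen.
    rule = dict(DEFAULTS, action=None, activate=False, log=False, alert=False)
    for raw in lines:
        tokens = raw.split()
        negate = bool(tokens) and tokens[0] == "no"
        if negate:
            tokens = tokens[1:]
        if not tokens or tokens[0] not in DEFAULTS.keys() | OTHER:
            raise ValueError(f"unknown sub-command: {raw!r}")
        key, args = tokens[0], tokens[1:]
        if key == "activate":
            rule["activate"] = not negate
        elif key == "log":
            rule["log"] = not negate
            rule["alert"] = not negate and args == ["alert"]
        elif key in DEFAULTS:
            # "no <field>" resets the field to its default, any.
            rule[key] = "any" if negate or not args else args[0]
        else:
            rule[key] = None if negate or not args else " ".join(args)
    return rule

def review(rule):
    """Return findings for an enabled rule; a disabled rule yields none."""
    findings = []
    if not rule["activate"]:
        return findings
    wide = [k for k in DEFAULTS if rule[k] == "any"]
    if rule["action"] == "allow" and len(wide) == len(DEFAULTS):
        findings.append("allow rule matches any zone, address and service")
    elif rule["action"] == "allow" and "service" in wide:
        findings.append("allow rule is open to all services")
    if rule["action"] in ("deny", "reject") and not rule["log"]:
        findings.append("blocked traffic is not logged")
    return findings

SAMPLE = [  # constructed input; zone and service names are hypothetical
    "from WAN", "no destinationip", "service HTTP", "no service",
    "action allow", "no log", "activate",
]
print(review(parse_rule(SAMPLE)))
```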