ZyXEL Communications 3.1 ユーザーズマニュアル
Chapter 20 Application Patrol
ZyWALL (ZLD) CLI Reference Guide
166
20.2.3 Exception Commands for Pre-defined Applications
This table lists the commands for exception rules for application access controls. These commands
are used for backward compatible only.
are used for backward compatible only.
20.2.3.1 Exception Rule Sub-commands
The following table describes the sub-commands for several application patrol exception rule
commands. Note that not all rule commands use all the sub-commands listed here.
commands. Note that not all rule commands use all the sub-commands listed here.
Table 85
app Commands: Exception Rules in Pre-Defined Applications
COMMAND
DESCRIPTION
app protocol_name exception insert rule_number
Creates a new rule at the specified row and enters sub-command
mode. See
mode. See
for the sub-commands.
app protocol_name exception append
Creates a new rule, appends it to the end of the list, and enters
sub-command mode. See
sub-command mode. See
for the sub-
commands.
app protocol_name exception rule_number
Enters sub-command mode for editing the rule at the specified
row. See
row. See
for the sub-commands.
app protocol_name exception rule_number
or
app protocol_name exception modify rule_number
Enters sub-command mode for editing the rule at the specified
row. See
row. See
for the sub-commands.
app protocol_name exception default
or
app protocol_name exception modify default
Enters sub-command mode for editing the default rule for the
application. See
application. See
for the sub-commands.
app protocol_name exception move rule_number
to rule_number
Moves the specified rule (first index) to the specified location. The
process is (1) remove the specified rule from the table; (2) re-
number; (3) insert the rule at the specified location.
process is (1) remove the specified rule from the table; (2) re-
number; (3) insert the rule at the specified location.
Table 86
app patrol exception rule Sub-commands
COMMAND
DESCRIPTION
access {forward | drop | reject}
Specifies the action when traffic matches the rule.
[no] action-block
{login|message|audio|video|file-
transfer}
Blocks use of a specific feature.
[no] activate
Turns on this rule. The
no
command turns off this rule.
bandwidth {inbound | outbound}
<0..1048576>
Limits inbound or outbound bandwidth, in kilobits per second. 0
disables bandwidth management for traffic matching this rule.
disables bandwidth management for traffic matching this rule.
[no] bandwidth excess-usage
Enables maximize bandwidth usage to let the traffic matching this
policy “borrow” any unused bandwidth on the out-going interface.
policy “borrow” any unused bandwidth on the out-going interface.
bandwidth priority <1..7>
Set the priority for traffic that matches this rule. The smaller the
number, the higher the priority.
number, the higher the priority.
[no] destination profile_name
Adds the specified destination address to the rule.
[no] from zone_name
Specifies the source zone.
[no] inbound-dscp-mark {<0..63> | class
{default | dscp_class}}
This is how the ZyWALL handles the DSCP value of the outgoing
packets to a connection’s initiator that match this policy.
packets to a connection’s initiator that match this policy.
Enter a DSCP value to have the ZyWALL apply that DSCP value. Set
this to the class default to have the ZyWALL set the DSCP value to
0.
this to the class default to have the ZyWALL set the DSCP value to
0.
[no] log [alert]
Creates log entries (and alerts) for traffic that matches the rule. The
no
command does not create any log entries.