ZyXEL p-660hwp Guia Do Utilizador

Appendix G Firewall Commands

P-660HWP-Dx User’s Guide

Config edit firewall set <set 
#> tcp-idle-timeout <seconds>

This command sets how long P-660HWP-Dx 

lets an inactive TCP connection remain open 

before considering it closed.

Config edit firewall set <set 
#> log <yes | no>

This command sets whether or not the P-

660HWP-Dx creates logs for packets that 

match the firewall’s default rule set.

Rules

Config edit firewall set <set 
#> rule <rule #> permit 
<forward | block>

This command sets whether packets that 

match this rule are dropped or allowed 

through.

Config edit firewall set <set 
#> rule <rule #> active <yes | 
no>

This command sets whether a rule is enabled 

or not.

Config edit firewall set <set 
#> rule <rule #> protocol 
<integer protocol value >

This command sets the protocol specification 

number made in this rule for ICMP.

Config edit firewall set <set 
#> rule <rule #> log <none | 
match | not-match | both>

This command sets the P-660HWP-Dx to log 

traffic that matches the rule, doesn't match, 

both or neither.

Config edit firewall set <set 
#> rule <rule #> alert <yes | 
no>

This command sets whether or not the P-

660HWP-Dx sends an alert e-mail when a 

DOS attack or a violation of a particular rule 

occurs. 

config edit firewall set <set 
#> rule <rule #> srcaddr-
single <ip address>

This command sets the rule to have the P-

660HWP-Dx check for traffic with this 

individual source address.

config edit firewall set <set 
#> rule <rule #> srcaddr-
subnet <ip address> <subnet 
mask>

This command sets a rule to have the P-

660HWP-Dx check for traffic from a particular 

subnet (defined by IP address and subnet 

mask).

config edit firewall set <set 
#> rule <rule #> srcaddr-range 
<start ip address> <end ip 
address>

This command sets a rule to have the P-

660HWP-Dx check for traffic from this range 

of addresses.

Table 168   Firewall Commands (continued)