Справочник Пользователя для Alcatel-Lucent speedtouch 500

186

Firewall Commands

firewall rule create

Create a rule.

SYNTAX:

firewall rule create

chain = <string>
[index = <number>]
[srcintf [!]= <string>]
[srcintfgrp [!]= <{wan|local|lan}>]
[srcbridgeport [!]= <number>]
[src [!]= <ip-address>]
[dstintf [!]= <string>]
[dstintfgrp [!]= <{wan|local|lan}>]
[dst [!]= <ip-address>]
[tos [!]= <number{1-255}>]
[precedence [!]= <number{0-7}>]
[dscp [!]= <number{0-63}>]
[prot [!]= <{<supported IP protocol name>|<number>}>]
[syn = <yes|no>]
[urg = <yes|no>]
[ack = <yes|no>]
[srcport [!]= <{<supported TCP/UDP port name>|<number>}>]
[srcportend = <{<supported TCP/UDP port name>|<number>}>]
[dstport [!]= <{<supported TCP/UDP port name>|<number>}>]
[dstportend = <{<supported TCP/UDP port name>|<number>}>]
[icmptype [!]= <{<supported ICMP type name>|<number>}>]
[icmpcode [!]= <number{0-15}>]
[icmpcodeend = <number{0-15}>]
[clink = <string>]
[log = <{no|yes}>]
action = <{accept|deny|drop|count}>

chain

The name of the chain to insert the rule in.

REQUIRED

index

The number of the rule before which the new rule must be added.

OPTIONAL

srcintf

The name of the interface the packet should [or should NOT] arrive
on to make this rule apply.
(NOT applicable if used in a chain assigned to the output hook)

OPTIONAL

srcintfgrp

The interface group the packet should [or should NOT] arrive on.
Choose between:

•

wan

•

local

•

lan

(NOT applicable if used in a chain assigned to the output hook)

OPTIONAL