Efficient Networks® Router family
Command Line Interface Guide
Chapter 18: Stateful Firewall Commands
The following paragraphs identify the <parameter>s for modification:

-ac allow | deny
Changes the action taken on the packet when the rule is matched. The rule moves from one rules list (allow or deny) to the other list.

-p <protocol> | tcp | udp | icmp | <protocol number>
Specifies the protocol a packet must have. <protocol number> is an integer, numerical protocol ID.

-a <application> imap | telnet | bootp | nntp | rpc | tftp | smtp | dns | ftp | rexec | rsh | rlogin | syslog | winframe | rdp | http | https | ntp | smb | ras | realaudio | netmeeting | aolim | quicktime | cuseeme | netshow | pptp | nfs | nis | traceroute | sqlnet | ipsec
Modifies the firewall rule type.

-sp <ICMP type> | <first source port>[:<last source port>]
Modifies the source port, specified port range, or ICMP type.

-dp <ICMP type> | <first dest port>[:<last dest port>]
Modifies the destination port, specified port range, or ICMP code.

-sa <first source ip addr>[:<last source ip addr>]
Modifies the source IP address or specified address range.

-da <first dest ip addr>[:<last dest ip addr>]
Modifies the destination IP address or specified address range.

-sm <source ip mask>
Modifies the specified source IP mask.

-dm <dest ip mask>
Modifies the specified destination IP mask.

-q | -v
Modifies the message logging characteristic for the firewall rule.

-d in | out
Modifies the specified direction of the rule.

Example

-> firewall modify allow 7 -ac deny

The example command changes allow rule number 7 to a deny rule, with no changes to the existing parameters.

Response

Command prompt.
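As an added example (not part of the guide or the router software), the Python check below validates a `firewall modify` line against the parameter list above before it is sent to a router, and flags an `-ac` change because that moves the rule to the other list. The overall command shape is inferred from the page's single example, and the numeric limits (ports 0-65535, protocol IDs 0-255, dotted-decimal addresses and masks) are assumptions.

```python
import ipaddress

# Option names and value lists are taken from the parameter list above; the
# numeric limits and the dotted-decimal address form are assumptions.
APPLICATIONS = """imap telnet bootp nntp rpc tftp smtp dns ftp rexec rsh rlogin
syslog winframe rdp http https ntp smb ras realaudio netmeeting aolim quicktime
cuseeme netshow pptp nfs nis traceroute sqlnet ipsec""".split()

def integer(text, limit=65535):  # decimal integer in 0..limit (a port by default)
    if not (text.isdigit() and int(text) <= limit):
        raise ValueError(f"{text!r} is not an integer in 0-{limit}")
    return int(text)

def span(parse):  # predicate for '<first>[:<last>]', false for reversed ranges
    def ok(value):
        first, sep, last = value.partition(":")
        return parse(first) <= parse(last if sep else first)
    return ok

def one_of(*allowed):
    return lambda value: value in allowed

VALID = {  # each entry returns true for an acceptable value or raises ValueError
    "-ac": one_of("allow", "deny"), "-d": one_of("in", "out"),
    "-a": one_of(*APPLICATIONS),
    "-p": lambda v: v in ("tcp", "udp", "icmp") or integer(v, 255) >= 0,
    "-sp": span(integer), "-dp": span(integer),  # ICMP type/code also fit here
    "-sa": span(ipaddress.IPv4Address), "-da": span(ipaddress.IPv4Address),
    "-sm": ipaddress.IPv4Address, "-dm": ipaddress.IPv4Address,
}

def validate_modify(command):
    """Parse one 'firewall modify' line; raise ValueError if it is malformed."""
    words = command.strip().removeprefix("->").split()
    if (len(words) < 5 or words[:2] != ["firewall", "modify"]
            or words[2] not in ("allow", "deny") or not words[3].isdigit()):
        raise ValueError("expected: firewall modify allow|deny <rule number> <parameter>...")
    opts, rest = {}, words[4:]
    while rest:
        opt = rest.pop(0)
        if opt in ("-q", "-v"):  # logging switches take no value
            opts[opt] = True
        elif opt in VALID and rest and VALID[opt](rest[0]):
            opts[opt] = rest.pop(0)
        else:
            raise ValueError(f"bad option or value near {opt}")
    # -ac naming the other action moves the rule to the other list: flag for review
    opts["moves_list"] = opts.get("-ac", words[2]) != words[2]
    return opts
```

A change script can reject any line that raises `ValueError` and route lines with `moves_list` set to a second reviewer.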