RUGGEDCOM ROX II CLI User Guide
Chapter 6: Security
Parameter / Description

    • dnat: Forwards the request to another system and (optionally) another port.
    • dnat-: Only generates the DNAT IPtables rule and not the companion ACCEPT rule.
    • drop: The connection request is ignored. No notification is sent.
    • redirect: Redirects the request to a local TCP port number on the local firewall.
    • reject: Rejects the connection with an RST (TCP) or ICMP destination-unreachable.

source-zone-hosts { source-zone-hosts }
    Synopsis: A string
    (Optional) Add comma-separated host IPs to a predefined source-zone.

destination-zone-hosts { destination-zone-hosts }
    Synopsis: A string
    (Optional) Add comma-separated host IPs to the destination-zone - may include :port for DNAT or REDIRECT.

log-level { log-level }
    Synopsis: { none, debug, info, notice, warning, error, critical, alert, emergency }
    Default: none
    (Optional) Determines whether or not logging will take place and at which logging level.

protocol { protocol }
    Synopsis: { tcp, udp, icmp, all } or a string
    Default: all
    The protocol to match for this rule - must be 'udp' for rules using copy-dnat actions.

source-ports { source-ports }
    Synopsis: A string
    Default: none
    (Optional) The TCP/UDP port(s) the connection originated from. Default: all ports. Add a single port or a list of comma-separated ports.

destination-ports { destination-ports }
    Synopsis: A string
    Default: none
    (Optional) The TCP/UDP port(s) the connection is destined for. Default: all ports. Add a single port or a list of comma-separated ports.

original-destination { original-destination }
    Synopsis: { None } or a string
    Default: none
    (Optional) The destination IP address in the connection request as it was received by the firewall - (mandatory) for rules using copy-dnat actions.

description { description }
    Synopsis: A string
    (Optional) The description string for this rule.
4. Type commit and press Enter to save the changes, or type revert and press Enter to abort.
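The constraints stated in the parameter table above can be checked before a rule is committed. The following Python lint is an added example, not part of the RUGGEDCOM guide or of ROX II; it assumes a rule is held as a dict keyed by the guide's parameter names, that the action parameter is called "action" (its name is not shown on this page), and that hosts are IPv4 addresses and ports are numeric.

```python
import ipaddress

LOG_LEVELS = {"none", "debug", "info", "notice", "warning", "error",
              "critical", "alert", "emergency"}
PORT_IN_DEST = {"dnat", "dnat-", "redirect"}  # ":port" is documented for these only

def _bad_ports(value):
    """Entries of a comma-separated port list that are not numeric 1..65535."""
    ports = [] if value in ("", "none") else value.split(",")
    return [p for p in ports if not (p.strip().isdecimal() and 1 <= int(p) <= 65535)]

def _bad_hosts(value, allow_port):
    """Entries of a comma-separated host list that are not IPv4 or IPv4:port."""
    bad = []
    for entry in filter(None, (e.strip() for e in value.split(","))):
        host, sep, port = entry.partition(":")
        try:
            ipaddress.IPv4Address(host)  # assumption: IPv4 host addresses only
            ok = not sep or (allow_port and port.isdecimal() and 1 <= int(port) <= 65535)
        except ValueError:
            ok = False
        if not ok:
            bad.append(entry)
    return bad

def lint_rule(rule):
    """Check one rule (dict keyed by the guide's parameter names); return findings."""
    action, findings = rule.get("action", ""), []  # "action" is an assumed key name
    if rule.get("log-level", "none") not in LOG_LEVELS:
        findings.append("log-level: not a documented level")
    if action == "copy-dnat":
        if rule.get("protocol", "all") != "udp":
            findings.append("protocol: must be 'udp' for copy-dnat")
        if rule.get("original-destination", "none").lower() == "none":
            findings.append("original-destination: mandatory for copy-dnat")
    for key in ("source-ports", "destination-ports"):
        if _bad_ports(rule.get(key, "none")):
            findings.append(f"{key}: expected comma-separated ports 1-65535")
    if _bad_hosts(rule.get("source-zone-hosts", ""), allow_port=False):
        findings.append("source-zone-hosts: expected comma-separated host IPs")
    if _bad_hosts(rule.get("destination-zone-hosts", ""), action in PORT_IN_DEST):
        findings.append("destination-zone-hosts: bad IP, or :port outside DNAT/REDIRECT")
    return findings

# Constructed sample rules, not taken from a real device.
GOOD = {"action": "dnat", "protocol": "tcp", "destination-ports": "80,443",
        "source-zone-hosts": "192.0.2.10", "destination-zone-hosts": "10.0.0.5:8080"}
BAD = {"action": "copy-dnat", "protocol": "tcp", "source-ports": "70000", "log-level": "verbose"}
print("GOOD:", lint_rule(GOOD) or "ok", "| BAD:", lint_rule(BAD))
```
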
Section 6.9.15.3: Configuring the Source Zone
To configure the source zone for a firewall rule, do the following:
1. Make sure the CLI is in Configuration mode.
2. Navigate to security » firewall » fwconfig » {firewall} » fwrule{rule} » source-zone, where {firewall} is the name of the firewall and {rule} is the name of the rule.
3. Configure the following parameter(s) as required:
Parameter / Description

predefined-zone { predefined-zone }
    Synopsis: A string
    A predefined zone.