firewall command

Use this command to configure the firewall to restrict access from certain addresses and optionally limits access time frame. If no option is specified, the current settings will be displayed.

Syntax:

firewall [-options]

Table 1. firewall options
Option	Description	Values
The following option is for IP address whitelist
-wips	Show/configure the whitelist IP addresses.	<Valid IP addresses>, clr Valid IP addresses: Permit 1-3 IP addresses (comma separated, CIDR or range) Note IPv4 and IPv6 addresses can use CIDR format to block a range of addresses. -clr: Clear the whitelist
The following options are for Block List and Time Restriction
-bips	Block 1-3 IP addresses (comma separated, CIDR or range)	Valid IP addresses Note IPv4 and IPv6 addresses can use CIDR format to block a range of addresses.
-bmacs	Block 1-3 MAC addresses (comma separated)	Valid MAC addresses Note MAC address filtering works only with specific addresses.
-bbt	Block begin time, must be later than current time	Time with format <YYYY-MM-DD HH:MM>
-bet	Block end time, must be later than begin time	Time with format <YYYY-MM-DD HH:MM>
-bti	Block 1-3 time intervals (comma separated) e.g., firewall - bti 01:00–02:00,05:05–10:30 will block access during 01:00-02:00 & 05:05-10:30 every day	Time range with format <HH:MM-HH:MM>
-clr	Clear the firewall rule for a given type	ip, mac, datetime, interval, all
The following options are for IP address blocking
-iplp	IP address lockout period in minutes.	Numeric value between 0 and 2880, 0 = never expire
-iplf	Maximum number of login failures before IP address is locked out.	Numeric value between 0 and 32, 0 = never lock Note If this value is not 0, then it must be greater than or equal to <Maximum number of login failures> that is set by <accseccfg -lf>
-ipbl	Show/configure the list of IP addresses being locked out.	del, clrall, show -del: delete an IPv4 or IPv6 address from block list -clrall: clear all blocking IP -show: show all blocking IPs

Examples of the syntax for the firewall command are presented in the following list:

To show all options’ value and IP addresses blocking list enter firewall.
To block the access from multi IPs enter firewall -bips 192.168.1.1,192.168.1.0/24,192.168.1.1-192.168.1.5.
To block all access during 01:00-02:00,05:05-10:30,14:15-20:00 every day enter firewall -bti 01:00-02:00,05:05-10:30,14:15-20:00.
To clear all rules of Block List and Time Restriction enter firewall –clr all.
To set IP address lockout period to 60 minutes enter firewall -iplp 60.
To set maximum number of login failures to 5 times enter firewall -iplf 5.
To delete 192.168.100.1 from IP address blocking list enter firewall -ipbl -del 192.168.100.1.
To delete 3fcc:1234::2 from IP address blocking list enter firewall –ipbl -del 3fcc:1234::2.
To delete all blocking IP addresses enter firewall –ipbl –clrall.
To show all blocking IP addresses enter firewall –ipbl –show.

Give documentation feedback