Skip to main content

firewall command

Use this command to configure the firewall to restrict access from certain addresses and optionally limits access time frame. If no option is specified, the current settings will be displayed.

Syntax:
firewall [-options]
Table 1. firewall options
OptionDescriptionValues
The following option is for IP address whitelist
-wipsShow/configure the whitelist IP addresses.
  • Valid IP addresses: Permit 1-3 IP addresses (comma separated, CIDR or range)
    Note
    IPv4 and IPv6 addresses can use CIDR format to block a range of addresses.
  • -clr: Clear the whitelist
The following options are for Block List and Time Restriction
-bipsBlock 1-3 IP addresses (comma separated, CIDR or range)Valid IP addresses
Note
IPv4 and IPv6 addresses can use CIDR format to block a range of addresses.
-bmacsBlock 1-3 MAC addresses (comma separated)Valid MAC addresses
Note
MAC address filtering works only with specific addresses.
-bbtBlock begin time, must be later than current timeTime with format <YYYY-MM-DD HH:MM>
-betBlock end time, must be later than begin timeTime with format <YYYY-MM-DD HH:MM>
-bti

Block 1-3 time intervals (comma separated)

e.g., firewall - bti 01:00–02:00,05:05–10:30 will block access during 01:00-02:00 & 05:05-10:30 every day

Time range with format <HH:MM-HH:MM>
-clrClear the firewall rule for a given typeip, mac, datetime, interval, all
The following options are for IP address blocking
-iplpIP address lockout period in minutes.Numeric value between 0 and 2880, 0 = never expire
-iplfMaximum number of login failures before IP address is locked out.Numeric value between 0 and 32, 0 = never lock
Note
If this value is not 0, then it must be greater than or equal to Maximum number of login failures that is set by accseccfg -lf
-ipblShow/configure the list of IP addresses being locked out.
  • -del: delete an IPv4 or IPv6 address from block list
  • -clrall: clear all blocking IP
  • -show: show all blocking IPs
Examples of the syntax for the firewall command are presented in the following list:
  • To show all options’ value and IP addresses blocking list enter firewall.
  • To block the access from multi IPs enter firewall -bips 192.168.1.1,192.168.1.0/24,192.168.1.1-192.168.1.5.
  • To block all access during 01:00-02:00,05:05-10:30,14:15-20:00 every day enter firewall -bti 01:00-02:00,05:05-10:30,14:15-20:00.
  • To clear all rules of Block List and Time Restriction enter firewall –clr all.
  • To set IP address lockout period to 60 minutes enter firewall -iplp 60.
  • To set maximum number of login failures to 5 times enter firewall -iplf 5.
  • To delete 192.168.100.1 from IP address blocking list enter firewall -ipbl -del 192.168.100.1.
  • To delete 3fcc:1234::2 from IP address blocking list enter firewall –ipbl -del 3fcc:1234::2.
  • To delete all blocking IP addresses enter firewall –ipbl –clrall.
  • To show all blocking IP addresses enter firewall –ipbl –show.