firewall command
Use this command to configure the firewall to restrict access from certain addresses and, optionally, to limit the time frame during which access is allowed. If no option is specified, the current settings are displayed.
Syntax:
firewall [-options]
Option | Description | Values |
---|---|---|
The following option is for IP address whitelist | | |
-wips | Show/configure the whitelist IP addresses. | |
The following options are for Block List and Time Restriction | | |
-bips | Block 1-3 IP addresses (comma separated, CIDR or range) | Valid IP addresses. Note: IPv4 and IPv6 addresses can use CIDR format to block a range of addresses. |
-bmacs | Block 1-3 MAC addresses (comma separated) | Valid MAC addresses. Note: MAC address filtering works only with specific addresses. |
-bbt | Block begin time, must be later than current time | Time with format <YYYY-MM-DD HH:MM> |
-bet | Block end time, must be later than begin time | Time with format <YYYY-MM-DD HH:MM> |
-bti | Block 1-3 time intervals (comma separated), e.g., firewall -bti 01:00-02:00,05:05-10:30 will block access during 01:00-02:00 and 05:05-10:30 every day | Time range with format <HH:MM-HH:MM> |
-clr | Clear the firewall rule for a given type | ip, mac, datetime, interval, all |
The following options are for IP address blocking | | |
-iplp | IP address lockout period in minutes. | Numeric value between 0 and 2880, 0 = never expire |
-iplf | Maximum number of login failures before IP address is locked out. | Numeric value between 0 and 32, 0 = never lock. Note: If this value is not 0, then it must be greater than or equal to |
-ipbl | Show/configure the list of IP addresses being locked out. | |
Examples of the syntax for the firewall command are presented in the following list:
- To show the values of all options and the IP address blocking list, enter firewall.
- To block access from multiple IP addresses, enter firewall -bips 192.168.1.1,192.168.1.0/24,192.168.1.1-192.168.1.5.
- To block all access during 01:00-02:00, 05:05-10:30 and 14:15-20:00 every day, enter firewall -bti 01:00-02:00,05:05-10:30,14:15-20:00.
- To clear all rules of Block List and Time Restriction, enter firewall -clr all.
- To set the IP address lockout period to 60 minutes, enter firewall -iplp 60.
- To set the maximum number of login failures to 5, enter firewall -iplf 5.
- To delete 192.168.100.1 from the IP address blocking list, enter firewall -ipbl -del 192.168.100.1.
- To delete 3fcc:1234::2 from the IP address blocking list, enter firewall -ipbl -del 3fcc:1234::2.
- To delete all blocked IP addresses, enter firewall -ipbl -clrall.
- To show all blocked IP addresses, enter firewall -ipbl -show.
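
An added example, not part of the product documentation: a pre-flight check run on the administrator's workstation that parses a -bips value under the constraints in the table above (1-3 entries; single address, CIDR or range) and reports whether a given client address would be covered by it. The function names and the management-station address are hypothetical, and accepting CIDR entries with host bits set is an assumption about the firmware.

```python
import ipaddress

SAMPLE_BIPS = "192.168.1.1,192.168.1.0/24,192.168.1.1-192.168.1.5"  # value from the example list
ADMIN_HOST = "192.168.1.77"  # constructed management-station address


def parse_bips(value):
    """Parse a -bips value into (first, last) address pairs, one per entry."""
    entries = value.split(",")
    if not 1 <= len(entries) <= 3:
        raise ValueError("-bips takes 1-3 comma-separated entries")
    spans = []
    for entry in entries:
        entry = entry.strip()
        if "/" in entry:
            # CIDR block; strict=False tolerates host bits (assumption, see lead-in)
            net = ipaddress.ip_network(entry, strict=False)
            spans.append((net[0], net[-1]))
        elif "-" in entry:
            # first-last range; both ends must be the same IP version and ordered
            lo, hi = (ipaddress.ip_address(p.strip()) for p in entry.split("-", 1))
            if lo.version != hi.version or lo > hi:
                raise ValueError(f"bad range: {entry}")
            spans.append((lo, hi))
        else:
            # single address
            addr = ipaddress.ip_address(entry)
            spans.append((addr, addr))
    return spans


def is_blocked(value, client):
    """Return True if `client` falls inside any entry of the -bips value."""
    addr = ipaddress.ip_address(client)
    return any(lo.version == addr.version and lo <= addr <= hi
               for lo, hi in parse_bips(value))


if __name__ == "__main__":
    if is_blocked(SAMPLE_BIPS, ADMIN_HOST):
        print(f"{ADMIN_HOST} is covered by this -bips value; "
              "applying it would block access from this host")
```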