firewall cp
firewall cp
ipv4|ipv6 deny|permit <ip-addr><ip-mask>|any|{host <ip-addr>} proto{<ip-protocol-number> ports <start port number><end port number>}|ftp|http|https|icmp|snmp|ssh|telnet|tftp [bandwidth-contract <name>|<pbwm>]
no...
Description
This command creates a whitelist.
Parameter |
Description |
ipv4|ipv6 |
Specifies ipv4 or ipv6. |
deny|permit |
Specifies the entry to reject (deny) on the session ACL whitelist. Specifies an entry that is allowed (permit) on the session ACL whitelist. |
<ip-addr><ip-mask> |
IPv4/IPv6 source address and source mask. |
any |
Specifies any IPv4 or IPv6 source address. |
host <ip-addr> |
Indicates a specific IPv4 or IPv6 source address. |
proto |
Specify one of the following protocols used by the session traffic: |
bandwidth-contract <name> |
Specify the name of a bandwidth contract. The cp-bandwidth-contract command configures a bandwidth contract traffic rate, which can then be associated with a whitelist. |
position <prio> |
Specify filter position. Default is last position. 1 is first position. |
IP protocol number |
Specifies the IP protocol number that is permitted or denied. 1-255 |
start port |
Specifies the starting port, in the port range, on which session traffic is running. 1-65535 |
end port |
Specifies the last port, in the port range, on which session traffic is running. 1-65535 |
<pbwm> |
Bandwidth rate in packets per second. 1–64000 |
Example
The following command creates a whitelist:
(host) [/md] (config-fw-cp) #ipv4 permit 10.10.10.10 2.2.2.2 proto ftp bandwidth-contract name mycontract
The following command creates a whitelist:
(host) [/md] (config-fw-cp) #deny proto 6 ports 5000 6000
The following example configures a bandwidth contract named “cp-rate” with a rate of 100 pps.
(host) [/md] (config) #cp-bandwidth-contract cp-rate pps 100
The following example displays a configuration in which ports deactivated by default are enabled:
(DR-Mode) *[mm] (config) #firewall cp
(DR-Mode) ^*[mm] (config-submode)#ipv4 permit any proto 6 ports 389 389
(DR-Mode) ^*[mm] (config-submode)#write memory
Saving Configuration...
Configuration Saved.
(DR-Mode) *[mm] (config-submode)#show firewall-cp
CP firewall policies
--------------------
IP Version Source IP Source Mask Protocol Start Port End Port Action hits contract wancp
---------- --------- ----------- -------- ---------- -------- -------------- ---- -------- -----
ipv4 any 6 6633 6633 Permit 0 0
ipv4 any 6 389 389 Permit 0 0
(DR-Mode) *[mm] (config-submode)#no ipv4 permit any proto 6 ports 389 389
(DR-Mode) ^*[mm] (config-submode)#write memory
Saving Configuration...
Configuration Saved.
(DR-Mode) *[mm] (config-submode)#show firewall-cp
CP firewall policies
--------------------
IP Version Source IP Source Mask Protocol Start Port End Port Action hits contract wancp
---------- --------- ----------- -------- ---------- -------- -------------- ---- -------- -----
ipv4 any 6 6633 6633 Permit 0 0
(DR-Mode) *[mm] (config-submode)#
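The following is an added example, not part of the original page or the vendor's tooling: a Python check that parses firewall cp sub-mode lines according to the syntax at the top of this page, enforces the documented ranges, and flags permit entries that deserve a second look before write memory. The function names and the review heuristics are assumptions of this example, and it accepts an optional name keyword after bandwidth-contract because the first example above uses one.

```python
import ipaddress

NAMED = {"ftp", "http", "https", "icmp", "snmp", "ssh", "telnet", "tftp"}
CLEARTEXT = {"ftp", "http", "telnet", "tftp"}

def in_range(tok, lo, hi, what):
    if not tok.isdigit() or not lo <= int(tok) <= hi:
        raise ValueError(f"{what} must be {lo}-{hi}, got {tok!r}")
    return int(tok)

def parse_rule(line):
    """Parse one config-fw-cp line following the syntax at the top of the page."""
    t = line.split()
    if len(t) < 5 or t[0] not in ("ipv4", "ipv6") or t[1] not in ("deny", "permit"):
        raise ValueError("expected: ipv4|ipv6 deny|permit <source> proto ...")
    rule = {"version": t[0], "action": t[1], "ports": None, "contract": None}
    if t[2] == "any":
        rule["source"], i = "any", 3
    else:  # 'host <ip-addr>' or '<ip-addr> <ip-mask>': two tokens either way
        for a in (t[3:4] if t[2] == "host" else t[2:4]):
            ipaddress.ip_address(a)  # ValueError on a malformed address or mask
        rule["source"], i = " ".join(t[2:4]), 4
    if t[i:i + 1] != ["proto"] or len(t) == i + 1:
        raise ValueError("missing 'proto <protocol>'")
    p, i = t[i + 1], i + 2
    rule["proto"] = p if p in NAMED else in_range(p, 1, 255, "protocol")
    if p not in NAMED:  # a protocol number is followed by a port range
        if t[i:i + 1] != ["ports"] or len(t) < i + 3:
            raise ValueError("protocol number needs 'ports <start> <end>'")
        lo, hi = (in_range(x, 1, 65535, "port") for x in t[i + 1:i + 3])
        if lo > hi:
            raise ValueError("start port is above end port")
        rule["ports"], i = (lo, hi), i + 3
    if t[i:]:  # optional: bandwidth-contract <name>|<pbwm>
        if t[i] != "bandwidth-contract" or len(t) == i + 1:
            raise ValueError(f"unexpected trailing tokens: {t[i:]}")
        rule["contract"] = t[-1]  # assumption: skips the 'name' keyword seen in the example
        if t[-1].isdigit():
            in_range(t[-1], 1, 64000, "pbwm")
    return rule

def review(rule):
    """Reviewer heuristics (added here, not vendor rules) for one parsed rule."""
    if rule["action"] != "permit":
        return []
    checks = [(rule["source"] == "any", "permit from any source"),
              (rule["contract"] is None, "no bandwidth contract"),
              (rule["proto"] in CLEARTEXT, "cleartext protocol")]
    return [msg for hit, msg in checks if hit]
```

Run against the LDAP entry from the example above, review(parse_rule("ipv4 permit any proto 6 ports 389 389")) reports both the any-source permit and the missing bandwidth contract.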
Related Commands
Command |
Description |
Show Control Processor (CP) whitelist |
Command History
Release |
Modification |
AOS 8.9.0.0 |
All instances of All instances of |
AOS 8.0.0.0 |
Command introduced. |
Command Information
Platforms |
License |
Command Mode |
All platforms |
Base operating system, except for noted parameters. |
Config mode on Mobility Conductor. |