User Guide
ISDN Router Manual V.1.1
5.7 Configure Firewall and Network Address Translation
config firewall <command> <action> <protocol> <address>
command = { add, delete, flush, zero }
action = { allow, count, deny, divert, reject, reset }
protocol = { ip, icmp, tcp, udp }
address = from { any, <IP address/netmask:port> }
          to { any, <address/netmask:port> } via { any, ether, isdn }
add Add an entry to the firewall/accounting rule list
delete Delete an entry from the firewall/accounting rule list
flush Removes all entries in the firewall chain except the fixed default
policy enforced by the kernel (index 65535). Use caution when flushing rules: the
default deny policy will leave your system cut off from the network until allow
entries are added to the chain.
zero <index> When used without an index argument, all packet counters are cleared. If an index is
supplied, the clearing operation only affects a specific chain entry.
reject Drop the packet, and send an ICMP host or port unreachable (as appropriate) packet
to the source.
allow Pass the packet on as normal. (aliases: pass and accept)
deny Drop the packet. The source is not notified via an ICMP message (thus it appears
that the packet never arrived at the destination).
count Update packet counters but do not allow/deny the packet based on this rule. The
search continues with the next chain entry.
all Matches any IP packet
icmp Matches ICMP packets
tcp Matches TCP packets
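The chain behaviour described above (count entries that fall through, the fixed default deny at index 65535, and what flush leaves behind), modelled as an added Python example; it is not code from the router or from this manual. It assumes entries are searched in ascending index order with the first allow/deny/reject match ending the search, that entries carry explicit indexes, and it matches on protocol only; Chain and demo are hypothetical names.

```python
# Added illustration, not router firmware: models the rule chain semantics.
# Assumptions: ascending index order, first allow/deny/reject match wins,
# explicit indexes on add, matching on protocol only (addresses omitted).
DEFAULT_INDEX = 65535  # fixed default policy enforced by the kernel


class Chain:
    def __init__(self):
        # index -> [action, protocol, packet counter]; default policy is deny
        self.rules = {DEFAULT_INDEX: ["deny", "ip", 0]}

    def add(self, index, action, protocol):
        if index == DEFAULT_INDEX:
            raise ValueError("index 65535 is the fixed default policy")
        self.rules[index] = [action, protocol, 0]

    def flush(self):
        # Every entry is removed except the fixed default policy.
        self.rules = {DEFAULT_INDEX: self.rules[DEFAULT_INDEX]}

    def zero(self, index=None):
        # No index: clear all packet counters; with index: only that entry.
        for i in (list(self.rules) if index is None else [index]):
            self.rules[i][2] = 0

    def evaluate(self, protocol):
        """Return (action, index) of the entry that decides the packet."""
        for index in sorted(self.rules):
            rule = self.rules[index]
            if rule[1] not in ("ip", protocol):  # "ip" taken as match-any
                continue              # protocol does not match this entry
            rule[2] += 1              # matching entries update their counter
            if rule[0] != "count":
                return rule[0], index
            # count: no verdict, the search continues with the next entry


def demo():
    chain = Chain()
    chain.add(100, "count", "tcp")    # accounting only
    chain.add(200, "allow", "tcp")
    before = chain.evaluate("tcp")    # count at 100 falls through to 200
    other = chain.evaluate("udp")     # nothing matches, default deny decides
    chain.flush()
    after = chain.evaluate("tcp")     # only index 65535 is left
    return before, other, after


if __name__ == "__main__":
    print(demo())
```

The third result is the lockout the flush description warns about: traffic that was allowed a moment earlier is now decided by index 65535.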