Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Firewall Feature Set Commands

XSR CLI Reference Guide 16-127

Syntax of the “no” Form

Thenoformofthiscommanddisablestheselectedservice:

no ip firewall service name

Mode

Globalconfiguration:XSR(config)#

Example

ThefollowingexampledefinestheFTPservice(althoughthisisun‐necessaryasitisoneofthe

pre‐definedservices).Thesourceportrangecouldbeanyoftheun‐reservedportsbutthe

destinationmustbe21.

XSR(config)#ip firewall service ftp gt 1023 eq 21 range 21 22 tcp

ip firewall service-group

Thiscommandpermitstheaggregationofmorethanoneserviceobject,providingforeasier

policyconfiguration.Uptotenserviceobjects(andservicegroup)canbeincludedinaservice

group.

Anameforanyfirewallobjectmustusethesealpha‐numericcharactersonly:

A‐Z(upperorlower

case),

0‐9,-(dash),or _(underscore).Also,allfirewallobjectnamesarecase‐sensitive.

Syntax

ip firewall service-group name name1 ... name10

Syntax of the “no” Form

Thenoformofthiscommanddisablesanearlierconfiguredservicegroup:

no ip firewall service-group name

Mode

Globalconfiguration:XSR(config)#

Example

Thefollowingexampleconfiguresservicegroupnetbioswithnetbios1andnetbios2usingports137

and138,respectively,includedasserviceobjects:

XSR(config)#ip firewall service netbios1 137-137 137-137 udp

XSR(config)#ip firewall service netbios2 138-138 138-138 udp

XSR(config)#ip firewall service-group netbios netbios1 netbios2

name

Nameoftheservicegroupobject,nottoexceed16characters.

name1 to name10

Nameoftheserviceorservice‐groupobjects.

previous next