Support User Manuals

Enterasys Networks XSR CLI Router User Manual

Open as PDF

of 684

Firewall Interface Commands

XSR CLI Reference Guide 16-129

Examples

Thefollowingexamplesconfigurevalidinputs:

ip firewall url-load-black-list blacklist.txt

ip firewall url-load-black-list flash:blacklist.txt

ip firewall url-load-white-list cflash:whitelist.txt

Firewall Interface Commands

ip firewall disable

Thiscommanddisablesfirewalloperationonaparticularinterfacediscretefromitsapplication

globally.ThecommandbehavesseparatelyandinteractivelyatGlobalandInterfacemodesas

follows:

•Thesystem‐levelfirewallisdisabledbydefault.

•Theinterface‐levelfirewallisenabledbydefaultunlessexplicitlydisabled.

•Ifthefirewallisenabled,packet

inspectionwilloccuronallinterfacesthathavethefirewall

enabledattheinterfacelevel.

•Aparticularinterfacemaybeenabledbutsubsequentlydisablingthefirewallglobally

overridesallenabledinterfaces

•Ifyouenablethefirewallglobally,allinterfaceswillbeenableduntilyousubsequentlydisable

aparticularinterface

•

Enabledisplaysinrunning-config,butnotdisable

•Evenifyouhavenotconfiguredthefirewall,entering ip firewall enablewillturnon

packetinspection.

Syntax

ip firewall disable

Syntax of the “no” Form

Thenoformofthiscommandenablesthefirewallonaselectedinterface:

no ip firewall disable

Default

Enabled

Mode

Interfaceconfiguration:XSR(config-if<xx>)#

Note: With the firewall enabled, source address validation (HostDoS checkspoof) is also enabled.

This service can improve security in some situations but erroneously discard valid packets in

situations where inbound and outbound paths differ as well as negatively impact some routing

protocols.

previous next