Firewall Table
Name
Interface
Type
Action
Bytes
Packets
Firewall's Rule Table
Enabled
IP Version
Packet Length
DSCP/TC
Protocol
Action
Reject Type
ICMP Type
TCP Flags
Source IP Address
Source Mask/Prefix Length
Source Port Range
Destination IP Address
Destination Mask/Prefix Length
Destination Port Range
Bytes
Packets
Firewall
A firewall has a number of rules, which define the behavior for matching items.
Name:
Interface
LAN
WAN
WAN/LAN
Type
In
Out
Action
Permit
Drop
Firewall Rule
A firewall has a number of rules, which define the behavior for matching items.
Notes:
PacketLength is the sum of the IP header length and the payload length.
When Protocol is 'ICMP' or 'ICMPv6', one IcmpType must be selected.
When Action is 'Reject', one RejectType must be selected.
RejectType may be set to 'tcp-reset' only when Protocol is 'TCP'.
Enabled
IP Version
4
6
PacketLength (FROM:TO)
TC(0~255)
DSCP
Auto Marking
default
AF13(001110)
AF12(001100)
AF11(001010)
CS1(001000)
AF23(010110)
AF22(010100)
AF21(010010)
CS2(010000)
AF33(011110)
AF32(011100)
AF31(011010)
CS3(011000)
AF43(100110)
AF42(100100)
AF41(100010)
CS4(100000)
EF(101110)
CS5(101000)
CS6(110000)
CS7(111000)
Protocol
UDP
TCP
ICMP
UDP
TCP
ICMPv6
Action
Permit
Drop
Reject
RejectType
icmp-net-unreachable
icmp-host-unreachable
icmp-port-unreachable
icmp-proto-unreachable
icmp-net-prohibited
icmp-host-prohibited
icmp-admin-prohibited
tcp-reset
icmpv6-no-route-to-destination
icmpv6-administratively-prohibited
icmpv6-address-unreachable
icmpv6-port-unreachable
icmpv6-source-address-failed
icmpv6-reject-route-to-destination
tcp-reset
IcmpType
any
echo-reply
destination-unreachable
network-unreachable
host-unreachable
protocol-unreachable
port-unreachable
fragmentation-needed
source-route-failed
network-unknown
host-unknown
network-prohibited
host-prohibited
TOS-network-unreachable
TOS-host-unreachable
communication-prohibited
host-precedence-violation
precedence-cutoff
source-quench
redirect
network-redirect
host-redirect
TOS-network-redirect
TOS-host-redirect
echo-request
router-advertisement
router-solicitation
time-exceeded
ttl-zero-during-transit
ttl-zero-during-reassembly
parameter-problem
ip-header-bad
required-option-missing
timestamp-request
timestamp-reply
address-mask-request
address-mask-reply
destination-unreachable
no-route
communication-prohibited
address-unreachable
port-unreachable
packet-too-big
time-exceeded
ttl-exceeded
ttl-zero-during-transit
ttl-zero-during-reassembly
parameter-problem
bad-header
unknown-header-type
unknown-option
echo-request
ping
echo-reply
pong
router-solicitation
router-advertisement
neighbour-solicitation
neighbor-solicitation
neighbour-advertisement
neighbor-advertisement
redirect
TCP Flags
SYN
ACK
FIN
RST
URG
PSH
origIPAddress:
origMask/prefixLength
origStartPort
origEndPort
destIPAddress:
destMask/prefixLength
destStartPort
destEndPort