Chapter 6
Security
RUGGEDCOM ROX II
CLI User Guide
194 Adding an Interface
Section6.9.10.2
Adding an Interface
To configure an interface for a firewall, do the following:
1. Display the list of available interfaces by typing:
show running-config ip
2. Record the name of the chosen interface.
3. Enter Configuration mode by typing:
config
4. Add the interface by typing:
security firewall fwconfig firewall fwinterface name
Where:
• firewall is the name of the firewall
• name is the name of the interface
5. Configure the interface settings by typing the following commands:
Parameter Description
iptype { iptype } Synopsis: { ipv4, ipv6, ipv4ipv6 }
Default: ipv4
Internet protocol type - use both when no addresses are used, otherwise define IPv4 and
IPv6 rules for each type of addresses used.
description { description } Synopsis: A string
(Optional) The description string for this interface
Parameter Description
arp_filter IPv4 ONLY- See additional info. Responds only to ARP requests for configured IP
addresses (This is permanently enabled system wide since ROX 2.3.0, and this option no
longer has any effect).
routeback IPv4 and IPv6 - Interface traffic routed back out that same interface.
tcpflags IPv4 and IPv6. Illegal combinations of TCP flags dropped and logged at info level.
dhcp IPv4 and IPv6 - Allows DHCP datagrams to enter and leave the interface.
norfc1918 Not currently implemented
routefilter IPv4 and IPv6 - Enables /rpfilter/ spoofing protection
proxyarp IPv4 ONLY - Enables proxy ARP.
maclist Not currently implemented
nosmurfs IPv4 ONLY - Packets with broadcast address as source dropped and logged at info level.
logmartians IPv4 ONLY - Logging of packets with impossible source addresses.
6. Associate the interface with a pre-defined zone or mark the associated zone as undefined. For more
information about associating the interface with a zone, refer to Section6.9.10.3, “Associating an Interface
with a Zone”.
To Next Page
Loading...
Need help?
General
