<0~255> session
max-incomp
lete-high
<0~255>
The threshold to start to delete the old half-opened
sessions to max-incomplete-low
max-incomp
lete-low
<0~255>
The threshold to stop deleting the half-opened session
tcp-max-inc
omplete
<0~255>
The threshold to start executing the block field
set <set#> name
<desired
name>
Edit the name for a set
default-perm
it
<forward|blo
ck>
Edit whether a packet is dropped or allowed when it does
not match the default set
icmp-timeou
t <seconds>
Edit the timeout for an idle ICMP session before it is
terminated
udp-idle-tim
eout
<seconds>
Edit the timeout for an idle UDP session before it is
terminated
connection-t
imeout
<seconds>
Edit the wait time for the SYN TCP sessions before it is
terminated
fin-wait-tim
eout
<seconds>
Edit the wait time for FIN in concluding a TCP session
before it is terminated
tcp-idle-time
out
<seconds>
Edit the timeout for an idle TCP session before it is
terminated
pnc
<yes|no>
PNC is allowed when 'yes' is set even there is a rule to
block PNC
log <yes|no> Switch on/off sending the log for matching the default
permit
logone
<yes|no>
Switch on/off for one packet that create just one log
message.
rule
<rule#>
action <permit | drop
| reject>
Edit whether a packet is permitted, dropped or rejected
when it matches this rule
name <string> Edit/Update rule name with <string>
active <yes|no> Edit whether a rule is enabled or not
protocol <0~255> Edit the protocol number for a rule. 1=ICMP, 6=TCP,
17=UDP...
log
<none|match|not-ma
tch|both>
Sending a log for a rule when the packet
none|matches|not match|both the rule
alert <yes|no> Activate or deactivate the notification when a DoS attack
occurs or there is a violation of any alert settings. In case
of such instances, the function will send an email to the
SMTP destination address and log an alert.
srcaddr-single <ip
address>
Select and edit a source address of a packet which
complies to this rule
srcaddr-subnet <ip
address> <subnet
mask>
Select and edit a source address and subnet mask if a
packet which complies to this rule.
srcaddr-range <start
ip address> <end ip
address>
Select and edit a source address range of a packet which
complies to this rule.
To Next Page
Loading...
