Chapter 29 Secure Policy
ZyWALL Series CLI Reference Guide
227
[no] ctmatch {dnat | snat}
Use dnat to block packets sent from a computer on the Zyxel
Device’s WAN network from being forwarded to an internal
network according to a virtual server rule.
Use snat to block packets sent from a computer on the Zyxel
Device’s internal network from being forwarded to the WAN
network according to a 1:1 NAT or Many 1:1 NAT rule.
The no command forwards the matched packets.
Subcommands cannot be used with secure-policy6.
[no] description description
Sets a descriptive name (up to 60 printable ASCII characters) for
a secure policy rule. The no command removes the descriptive
name from the rule.
[no] destinationip
address_object
Sets the destination IP address. The no command resets the
destination IP address(es) to the default (any). any
means all IP
addresses.
[no] destinationip6
address_object
Sets the destination IPv6 address. The no command resets the
destination IP address(es) to the default (any). any
means all IP
addresses.
[no] from zone_object
Sets the zone on which the packets are received. The no
command removes the zone on which the packets are received
and resets it to the default (any) meaning all interfaces or VPN
tunnels.
[no] log [alert]
Sets the Zyxel Device to create a log (and optionally an alert)
when packets match this rule. The no command sets the Zyxel
Device not to create a log or alert when packets match this rule.
[no] schedule schedule_object
Sets the schedule that the rule uses. The no command removes
the schedule settings from the rule.
[no] service service_name
Sets the service to which the rule applies. The no command resets
the service settings to the default (any). any means all services.
[no] sourceip address_object
Sets the source IP address(es). The no command resets the
source IP address(es) to the default (any). any
means all IP
addresses.
[no] sourceip6 address_object
Sets the source IP address(es). The no command resets the
source IP address(es) to the default (any). any
means all IP
addresses.
[no] sourceport {tcp|udp} {eq
<1..65535>|range <1..65535>
<1..65535>}
Sets the source port for a secure policy rule. The no command
removes the source port from the rule.
[no] to {zone_object|ZyWALL}
Sets the zone to which the packets are sent. The no command
removes the zone to which the packets are sent and resets it to
the default (any). any means all interfaces or VPN tunnels.
[no] user user_name
Sets a user-aware secure policy rule. The rule is activated only
when the specified user logs into the system. The
no command
resets the user name to the default (any). any
means all users.
Subcommands cannot be used with secure-policy6.
secure-policy <profile name>
Creates a secure policy rule. You may use 1-31 alphanumeric
characters, underscores(
_), or dashes (-), but the first character
cannot be a number. This value is case-sensitive.
Table 114 firewall Sub-commands (continued)
COMMAND DESCRIPTION
To Next Page
Loading...
