Chapter 43 Content Filtering
ZyWALL Series CLI Reference Guide
379
Table 209 DNS Content Filter Commands (continued)

COMMAND
    DESCRIPTION

show dns-content-filter status
    Displays the action and log settings for the dns-content-filter service.

dns-content-filter fake-dns-response-ttl <300...86400>
    Sets the time period in seconds for redirecting clients to a default or custom-defined IP address when the clients try to access a blocked FQDN.
    If you remove an FQDN from the block list before the response time-to-live (TTL) time is up, the clients will still be redirected to a default or custom-defined IP address when they try to access the FQDN.

show dns-content-filter fake-dns-response-ttl
    Displays how long the clients will be redirected to a default or custom-defined IP address when the clients try to access a blocked FQDN.

43.5.2 DNS Content Filter Profile Commands

The following table lists the commands that you can use to configure a DNS content filter profile. Use the configure terminal command to enter the configuration mode to be able to use these commands. See Table 205 on page 368 for details about the values you can input with these commands.
Table 210 dns-content-filter Profile Commands Summary

COMMAND
    DESCRIPTION

dns-content-filter profile profilename
    Enter subcommand mode and edit the specified DNS Content Filter configuration profile. If the profile does not currently exist, the Zyxel Device creates it.

action {pass | redirect}
    Choose what the Zyxel Device does when it detects a prohibited DNS query packet.
    pass: Have the Zyxel Device allow the DNS query packet and not answer it with a DNS reply packet containing a fake IP.
    redirect: Have the Zyxel Device reply with a DNS reply packet containing a default or custom-defined IP address. The default redirect IP is the IP address of the DNS Content Filter server (dnsft.cloud.zyxel.com).

[no] black-list activate
    Enables or disables the DNS Content Filter black list for this profile.

[no] category category_name
    The Zyxel Device considers DNS queries that match the specified category to be prohibited.
    The no command means the Zyxel Device ignores DNS queries that match the specified category.

description description
    Sets a description for the profile. You can use up to 60 printable ASCII characters.

[no] description
    Deletes the description for this profile.

[no] log
    The Zyxel Device generates a log message when it detects a prohibited DNS query packet.
    The no command means the Zyxel Device does not generate a log message or alert when it detects a DNS query packet.

log-alert
    The Zyxel Device generates a log message and an alert when it detects a prohibited DNS query packet.

[no] white-list activate
    Enables or disables the DNS Content Filter white list for this profile.