Chapter 20 Application Patrol
ZyWALL (ZLD) CLI Reference Guide
166
20.2.3 Exception Commands for Pre-defined Applications
This table lists the commands for exception rules for application access controls. These commands
are used for backward compatible only.
20.2.3.1 Exception Rule Sub-commands
The following table describes the sub-commands for several application patrol exception rule
commands. Note that not all rule commands use all the sub-commands listed here.
Table 85 app Commands: Exception Rules in Pre-Defined Applications
COMMAND DESCRIPTION
app protocol_name exception insert rule_number Creates a new rule at the specified row and enters sub-command
mode. See Table 86 on page 166 for the sub-commands.
app protocol_name exception append Creates a new rule, appends it to the end of the list, and enters
sub-command mode. See Table 86 on page 166 for the sub-
commands.
app protocol_name exception rule_number Enters sub-command mode for editing the rule at the specified
row. See Table 86 on page 166 for the sub-commands.
app protocol_name exception rule_number
or
app protocol_name exception modify rule_number
Enters sub-command mode for editing the rule at the specified
row. See Table 86 on page 166 for the sub-commands.
app protocol_name exception default
or
app protocol_name exception modify default
Enters sub-command mode for editing the default rule for the
application. See Table 86 on page 166 for the sub-commands.
app protocol_name exception move rule_number
to rule_number
Moves the specified rule (first index) to the specified location. The
process is (1) remove the specified rule from the table; (2) re-
number; (3) insert the rule at the specified location.
Table 86 app patrol exception rule Sub-commands
COMMAND DESCRIPTION
access {forward | drop | reject} Specifies the action when traffic matches the rule.
[no] action-block
{login|message|audio|video|file-
transfer}
Blocks use of a specific feature.
[no] activate Turns on this rule. The
no command turns off this rule.
bandwidth {inbound | outbound}
<0..1048576>
Limits inbound or outbound bandwidth, in kilobits per second. 0
disables bandwidth management for traffic matching this rule.
[no] bandwidth excess-usage Enables maximize bandwidth usage to let the traffic matching this
policy “borrow” any unused bandwidth on the out-going interface.
bandwidth priority <1..7> Set the priority for traffic that matches this rule. The smaller the
number, the higher the priority.
[no] destination profile_name Adds the specified destination address to the rule.
[no] from zone_name Specifies the source zone.
[no] inbound-dscp-mark {<0..63> | class
{default | dscp_class}}
This is how the ZyWALL handles the DSCP value of the outgoing
packets to a connection’s initiator that match this policy.
Enter a DSCP value to have the ZyWALL apply that DSCP value. Set
this to the class default to have the ZyWALL set the DSCP value to
0.
[no] log [alert] Creates log entries (and alerts) for traffic that matches the rule. The
no command does not create any log entries.
To Next Page
Loading...
