EdgeMAX - crear una regla de Firewall

Para crear una regla de firewall, utilice el set o edición comandos (ambos métodos se describen a continuación). Además, utilizar el comparar , descartar , a , top , copia , y cambiar el nombre de comandos. Crear una regla de firewall utilizando la sintaxis completa:

ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set firewall name TEST default-action drop
[edit]
ubnt@ubnt# set firewall name TEST enable-default-log
[edit]
ubnt@ubnt# set firewall name TEST rule 10 description “allow icmp”
[edit]
ubnt@ubnt# set firewall name TEST rule 10 action accept
[edit]
ubnt@ubnt# set firewall name TEST rule 10 protocol icmp
[edit]

Para mostrar cambios no confirmados, utilice el comparar comando:

ubnt@ubnt# compare
[edit firewall]
+name TEST {
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description “allow icmp”
+		protocol icmp
+	}
+}
[edit]

Para deshacer los cambios no confirmados, utilizar el descartar comando:

ubnt@ubnt# discard
Changes have been discarded
[edit]
ubnt@ubnt# compare
No changes between working and active configurations
[edit]

Para crear la misma regla de firewall mientras reduce la cantidad de repetición en la sintaxis completa, utilice el edición comando:

ubnt@ubnt# edit firewall name TEST
[edit firewall name TEST]
ubnt@ubnt#set default-action drop
[edit firewall name TEST]
ubnt@ubnt# set enable-default-log
[edit firewall name TEST]
ubnt@ubnt#edit rule 10
[edit firewall name TEST rule 10]

¿Prensa de la ? o ficha clave para mostrar opciones para edita el determinado nivel.

ubnt@ubnt# set
action	disable	ipsec	p2p	source	time
description	fragment	limit	protocol	state	
destination	icmp	log	recent	tcp	
[edit firewall name TEST rule 10]
ubnt@ubnt# set description “allow icmp”
[edit firewall name TEST rule 10]
ubnt@ubnt# set action accept
[edit firewall name TEST rule 10]
ubnt@ubnt# set protocol icmp
[edit firewall name TEST rule 10]

Para mostrar cambios en el nivel de edición, utilice el comparar comando:

ubnt@ubnt# compare
[edit firewall name TEST rule 10]
+action accept
+description “allow icmp”
+protocol icmp
[edit firewall name TEST rule 10]

Para subir un nivel de edición, utilice el a comando:

ubnt@ubnt#up
[edit firewall name TEST]
ubnt@ubnt# compare
[edit firewall name TEST]
+default-action drop
+enable-default-log
+rule 10 {
+	action accept
+	description “allow icmp”
+	protocol icmp
+}
[edit firewall name TEST]
ubnt@ubnt# up
[edit firewall]
ubnt@ubnt# compare
[edit firewall]
+name TEST {
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description “allow icmp”
+		protocol icmp
+	}
+}
[edit firewall]

Para volver al nivel superior de edición, utilice el arriba comando:

ubnt@ubnt# top
[edit]
ubnt@ubnt# compare
[edit firewall]
+name TEST{
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description “allow icmp”
+		protocol icmp
+	}
+}
[edit]

Para mostrar la regla de firewall existente, utilice el Mostrar firewall comando:

ubnt@ubnt# show firewall
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]

Para crear una nueva regla de firewall de una regla de firewall existente, utilice el copia comandos.

ubnt@ubnt# edit firewall
[edit firewall]
ubnt@ubnt# copy name WAN1_LOCAL to name WAN2_LOCAL
[edit firewall]
ubnt@ubnt# commit
[edit firewall]
ubnt@ubnt#top
[edit]
ubnt@ubnt#show firewall
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
name WAN2_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]

Para cambiar el nombre de la nueva regla de firewall, utilice el cambiar el nombre de comandos.

ubnt@ubnt# edit firewall
[edit firewall]
ubnt@ubnt# rename name W[TAB]
WAN1_LOCAL	WAN2_LOCAL
[edit firewall]
ubnt@ubnt# rename name WAN2_LOCAL to name WAN2_IN
[edit firewall]
ubnt@ubnt# commit
[edit firewall]
ubnt@ubnt#top
[edit]
ubnt@ubnt# show firewall name
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
name WAN2_IN {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]
ubnt@ubnt#