
EdgeMAX - Create a Firewall Rule

To create a firewall rule, use the set or edit commands (both methods are described below). The compare, discard, up, top, copy, and rename commands are also used. Create a firewall rule using the full syntax:

ubnt@ubnt:~$ configure
[edit]
ubnt@ubnt# set firewall name TEST default-action drop
[edit]
ubnt@ubnt# set firewall name TEST enable-default-log
[edit]
ubnt@ubnt# set firewall name TEST rule 10 description "allow icmp"
[edit]
ubnt@ubnt# set firewall name TEST rule 10 action accept
[edit]
ubnt@ubnt# set firewall name TEST rule 10 protocol icmp
[edit]

To display uncommitted changes, use the compare command:

ubnt@ubnt# compare
[edit firewall]
+name TEST {
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description "allow icmp"
+		protocol icmp
+	}
+}
[edit]

To undo uncommitted changes, use the discard command:

ubnt@ubnt# discard
Changes have been discarded
[edit]
ubnt@ubnt# compare
No changes between working and active configurations
[edit]

To create the same firewall rule with less repetition than the full syntax requires, use the edit command:

ubnt@ubnt# edit firewall name TEST
[edit firewall name TEST]
ubnt@ubnt# set default-action drop
[edit firewall name TEST]
ubnt@ubnt# set enable-default-log
[edit firewall name TEST]
ubnt@ubnt# edit rule 10
[edit firewall name TEST rule 10]

Press the ? or Tab key to display the options available at the current edit level.

ubnt@ubnt# set
action	disable	ipsec	p2p	source	time
description	fragment	limit	protocol	state	
destination	icmp	log	recent	tcp	
[edit firewall name TEST rule 10]
ubnt@ubnt# set description "allow icmp"
[edit firewall name TEST rule 10]
ubnt@ubnt# set action accept
[edit firewall name TEST rule 10]
ubnt@ubnt# set protocol icmp
[edit firewall name TEST rule 10]

To display changes at the current edit level, use the compare command:

ubnt@ubnt# compare
[edit firewall name TEST rule 10]
+action accept
+description "allow icmp"
+protocol icmp
[edit firewall name TEST rule 10]

To move up one edit level, use the up command:

ubnt@ubnt# up
[edit firewall name TEST]
ubnt@ubnt# compare
[edit firewall name TEST]
+default-action drop
+enable-default-log
+rule 10 {
+	action accept
+	description "allow icmp"
+	protocol icmp
+}
[edit firewall name TEST]
ubnt@ubnt# up
[edit firewall]
ubnt@ubnt# compare
[edit firewall]
+name TEST {
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description "allow icmp"
+		protocol icmp
+	}
+}
[edit firewall]

To return to the top edit level, use the top command:

ubnt@ubnt# top
[edit]
ubnt@ubnt# compare
[edit firewall]
+name TEST {
+	default-action drop
+	enable-default-log
+	rule 10 {
+		action accept
+		description "allow icmp"
+		protocol icmp
+	}
+}
[edit]

To display the existing firewall rule, use the show firewall command:

ubnt@ubnt# show firewall
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]

To create a new firewall rule from an existing firewall rule, use the copy command:

ubnt@ubnt# edit firewall
[edit firewall]
ubnt@ubnt# copy name WAN1_LOCAL to name WAN2_LOCAL
[edit firewall]
ubnt@ubnt# commit
[edit firewall]
ubnt@ubnt# top
[edit]
ubnt@ubnt# show firewall
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
name WAN2_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]

To rename the new firewall rule, use the rename command:

ubnt@ubnt# edit firewall
[edit firewall]
ubnt@ubnt# rename name W[TAB]
WAN1_LOCAL	WAN2_LOCAL
[edit firewall]
ubnt@ubnt# rename name WAN2_LOCAL to name WAN2_IN
[edit firewall]
ubnt@ubnt# commit
[edit firewall]
ubnt@ubnt# top
[edit]
ubnt@ubnt# show firewall name
name WAN1_LOCAL {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
name WAN2_IN {
	default-action drop
	rule 10 {
		action accept
		state {
			established enable
			related enable
		}
	}
	rule 20 {
		action drop
		state {
			invalid enable
		}
	}
	rule 30 {
		action accept
		destination {
			port 22
		}
		protocol tcp
	}
}
[edit]
ubnt@ubnt#
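
Added example (not part of the original article and not Ubiquiti code): because copy and rename duplicate every rule, the new ruleset WAN2_IN inherits rule 30, which accepts TCP port 22. The Python sketch below parses text in the show firewall format and lists, per ruleset, the default action and the accept rules that are not limited to established/related state. The function names parse, exposed and audit, the "all"/"any" placeholders, and the abbreviated sample are assumptions of this example.

```python
# Constructed sample: a ruleset body in the "show firewall" format (rule 20 omitted).
BODY = """\
    default-action drop
    rule 10 {
        action accept
        state {
            established enable
            related enable
        }
    }
    rule 30 {
        action accept
        destination {
            port 22
        }
        protocol tcp
    }
"""
SAMPLE = "".join(f"name {n} {{\n{BODY}}}\n" for n in ("WAN1_LOCAL", "WAN2_IN"))

def parse(text):
    """Parse brace-structured configuration text into nested dicts."""
    stack = [{}]
    for raw in text.splitlines():
        line = raw.strip()
        if not line or line.startswith("["):   # skip blanks and "[edit]" markers
            continue
        if line.endswith("{"):                 # "rule 10 {" opens a child node
            node = {}
            stack[-1][line[:-1].strip()] = node
            stack.append(node)
        elif line == "}":                      # close the current node
            stack.pop()
        else:                                  # leaf: "action accept"
            key, _, value = line.partition(" ")
            stack[-1][key] = value
    return stack[0]

def exposed(ruleset):
    """Accept rules with no state match, as (rule, protocol, destination port)."""
    return [(key, rule.get("protocol", "all"), rule.get("destination", {}).get("port", "any"))
            for key, rule in ruleset.items()
            if isinstance(rule, dict) and key.startswith("rule ")
            and rule.get("action") == "accept" and "state" not in rule]

def audit(text):
    """Map each ruleset name to (default-action, exposed accept rules)."""
    return {name.split(" ", 1)[1]: (rs.get("default-action"), exposed(rs))
            for name, rs in parse(text).items() if isinstance(rs, dict)}
```

Running audit(SAMPLE) reports rule 30 (tcp/22) for both WAN1_LOCAL and WAN2_IN, which is the point to review before applying a copied ruleset.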