<rule-number> | Rule number from 1 to <n>, start, or end. Appliances evaluate rules in numerical order starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. |
protocol <protocol> | Specifies the protocol name (all, icmp, tcp, udp), or protocol number (1, 6, 17) in the IP packet header. The default setting is all. |
service <service> | Specifies the service name: http, https, snmp, ssh, soap, or telnet. |
action allow | Allows a matching packet access to the appliance. This is the default action. |
action deny | Denies access to and logs any matching packets. |
description <description> | Provides a description to facilitate communication about network administration. |
dstport <port-number> | Specifies the destination port. You can also specify port ranges: for example, 1000 to 30000. |
interface <interface> | Specifies the interface: primary, aux, or inpath0_0. |
log on | Enables logging for this command. |
log off | Disables logging for this command. |
srcaddr <subnet> | Specifies the source subnet. For the subnet address, use the format XXX.XXX.XXX.XXX/XX. |
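
The first-match evaluation described for <rule-number> means a narrow deny rule placed after a broader allow rule never applies. The following Python model is an added example, not code from the appliance or its vendor; it evaluates rules in order and reports such shadowed rules. The names Rule, evaluate, covers and shadowed, the "any" interface wildcard, and returning None when no rule matches are assumptions of this model, since the table does not state what happens to unmatched packets.

```python
import ipaddress
from dataclasses import dataclass

@dataclass
class Rule:
    action: str                  # "allow" or "deny"
    protocol: str = "all"        # all, icmp, tcp, udp
    srcaddr: str = "0.0.0.0/0"   # source subnet in a.b.c.d/nn form
    dstport: tuple = (0, 65535)  # inclusive destination port range
    interface: str = "any"       # "any" is this model's wildcard (assumption)

def matches(rule, pkt):
    lo, hi = rule.dstport
    return (rule.protocol in ("all", pkt["protocol"])
            and rule.interface in ("any", pkt["interface"])
            and lo <= pkt["dstport"] <= hi
            and ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(rule.srcaddr))

def evaluate(rules, pkt):
    """First match wins: return (rule_number, action), or None if nothing matches."""
    for number, rule in enumerate(rules, start=1):
        if matches(rule, pkt):
            return number, rule.action
    return None

def covers(a, b):
    """True if every packet that matches rule b also matches rule a."""
    return (a.protocol in ("all", b.protocol)
            and a.interface in ("any", b.interface)
            and a.dstport[0] <= b.dstport[0] and b.dstport[1] <= a.dstport[1]
            and ipaddress.ip_network(b.srcaddr).subnet_of(ipaddress.ip_network(a.srcaddr)))

def shadowed(rules):
    """Return (later, earlier) rule-number pairs where the later rule can never apply."""
    return [(j + 1, i + 1)
            for j, later in enumerate(rules)
            for i, earlier in enumerate(rules[:j])
            if covers(earlier, later)]

# Constructed sample rule sets and packet (addresses and ports are illustrative).
BROAD_FIRST = [Rule("allow", "tcp", "10.0.0.0/8", (22, 22)),
               Rule("deny", "tcp", "10.1.2.0/24", (22, 22))]
NARROW_FIRST = list(reversed(BROAD_FIRST))
PKT = {"protocol": "tcp", "src": "10.1.2.5", "dstport": 22, "interface": "primary"}

if __name__ == "__main__":
    print(evaluate(BROAD_FIRST, PKT), shadowed(BROAD_FIRST))
    print(evaluate(NARROW_FIRST, PKT), shadowed(NARROW_FIRST))
```

Running a check like shadowed() over an exported rule list before applying it catches deny rules that were appended at the end instead of inserted ahead of the allow rule they were meant to restrict.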