add rule "name_SERVICE" name_ADDRESS
Appends the rule to the end of the list of rules in the policy. Use insert rule to position a new rule within an existing policy.
The following fields are optional and can be specified in any order after the rule keyword:
ALLOW {default if no ACTION specified}
DENY
LOG NONE {also LOG_NONE, default if no LOG is specified}
LOG SUMMARY {also LOG_SUMMARY}
LOG DETAILED {also LOG_DETAILED}
LOG SESSION {also LOG_SESSION, only valid for ALLOW rules, is an error for DENY}
SNMP {"on" if present, "off" otherwise}
USER "name_USER" {only used if PROXY_FTP or PROXY_Telnet set below}
TIME "name_TIME"
SCREEN "name_SCREEN"
COMMENT "comment string"
The following combo-field is optional and only valid in a rule that has ALLOW specified. It can be specified anywhere after the rule keyword:
SKIP_VERSION_1 "name_CERTIFICATE" "name_CERTIFICATE" "name_KEY_ALGORITHM" "name_DATA_ALGORITHM"
SKIP_VERSION_2 "name_CERTIFICATE" "name_CERTIFICATE" "name_KEY_ALGORITHM" "name_DATA_ALGORITHM" "name_MAC_ALGORITHM" "name_COMPRESSION_ALGORITHM"
The following fields are optional and only valid within a SKIP_VERSION_1 or SKIP_VERSION_2 combo-field. They can be specified in any order after the SKIP_VERSION_# keyword:
SOURCE_TUNNEL "name_ADDRESS"
DESTINATION_TUNNEL "name_ADDRESS"
The following field is optional and only valid in a rule that has DENY specified. It can be specified anywhere after the rule keyword:
ICMP NONE {also ICMP_NONE, default if nothing is specified}
ICMP NET_UNREACHABLE {also ICMP_NET_UNREACHABLE}
ICMP HOST_UNREACHABLE {also ICMP_HOST_UNREACHABLE}
ICMP PORT_UNREACHABLE {also ICMP_PORT_UNREACHABLE}
ICMP NET_FORBIDDEN {also ICMP_NET_FORBIDDEN}
ICMP HOST_FORBIDDEN {also ICMP_HOST_FORBIDDEN}
The following field is optional and only valid in a rule that has ALLOW specified and NO SKIP information. It can be specified anywhere after the rule keyword:
VPN "name_VPN"
The following fields are optional and only valid in a rule that has not specified any SKIP information and no VPN. They can be specified anywhere after the rule keyword. Only one of them can be specified in a given rule.
PROXY_FTP
PROXY_HTTP
PROXY_SMTP
PROXY_Telnet
The following fields are optional and only valid in a rule that has specified PROXY_FTP. They can be specified anywhere after the PROXY_FTP keyword:
FTP_GET
NO_FTP_GET {default if FTP_GET not specified}
FTP_PUT
NO_FTP_PUT {default if FTP_PUT not specified}
FTP_CHDIR
NO_FTP_CHDIR {default if FTP_CHDIR not specified}
FTP_MKDIR
NO_FTP_MKDIR {default if FTP_MKDIR not specified}
FTP_RENAME
NO_FTP_RENAME {default if FTP_RENAME not specified}
FTP_REMOVE_DIR
NO_FTP_REMOVE_DIR {default if FTP_REMOVE_DIR not specified}
FTP_DELETE
NO_FTP_DELETE {default if FTP_DELETE not specified}
The following fields are optional and only valid in a rule that has specified PROXY_HTTP. They can be specified anywhere after the PROXY_HTTP keyword:
COOKIES
NO_COOKIES {default if COOKIES not specified}
ACTIVE_X
NO_ACTIVE_X {default if ACTIVE_X not specified}
SSL
NO_SSL {default if SSL not specified}
JAVA_SIGNATURE
JAVA_HASH
JAVA_SIGNATURE_HASH
JAVA
NO_JAVA {default if no other JAVA setting is specified}
The following fields are optional and only valid in a rule that has specified PROXY_SMTP. They can be specified anywhere after the PROXY_SMTP keyword:
RELAY
NO_RELAY {default if RELAY not specified}
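The validity constraints listed above can be checked mechanically before a rule is submitted. The following is an added example, not part of the original reference and not the product's own parser; the function name lint_rule, the tokenization (quoted strings are values, bare words are keywords) and the choice that DENY takes effect whenever it is present are assumptions.

```python
import re

FTP = {p + "FTP_" + v for p in ("", "NO_") for v in
       ("GET", "PUT", "CHDIR", "MKDIR", "RENAME", "REMOVE_DIR", "DELETE")}
HTTP = {"COOKIES", "NO_COOKIES", "ACTIVE_X", "NO_ACTIVE_X", "SSL", "NO_SSL",
        "JAVA_SIGNATURE", "JAVA_HASH", "JAVA_SIGNATURE_HASH", "JAVA", "NO_JAVA"}
SUBOPTS = {"PROXY_FTP": FTP, "PROXY_HTTP": HTTP, "PROXY_SMTP": {"RELAY", "NO_RELAY"}}
PROXIES = set(SUBOPTS) | {"PROXY_Telnet"}
SKIPS = {"SKIP_VERSION_1", "SKIP_VERSION_2"}
TUNNELS = {"SOURCE_TUNNEL", "DESTINATION_TUNNEL"}


def lint_rule(text):
    """Return the constraint violations found in one 'add rule' command."""
    # Assumption: quoted strings are values (names, comments); bare words are keywords.
    kw = [t for t in re.findall(r'"[^"]*"|\S+', text) if not t.startswith('"')]
    pos = {}
    for i, k in enumerate(kw):
        pos.setdefault(k, i)          # first position of each bare word
    deny = "DENY" in pos              # ALLOW is the default action
    skip = pos.keys() & SKIPS
    proxies = pos.keys() & PROXIES
    session = "LOG_SESSION" in pos or ("LOG", "SESSION") in zip(kw, kw[1:])
    errs = []
    if deny and session:
        errs.append("LOG SESSION is only valid for ALLOW rules")
    if deny and skip:
        errs.append("SKIP_VERSION_# is only valid with ALLOW")
    if not deny and any(k.startswith("ICMP") for k in kw):
        errs.append("ICMP is only valid with DENY")
    if "VPN" in pos and (deny or skip):
        errs.append("VPN requires ALLOW and no SKIP information")
    if proxies and (skip or "VPN" in pos):
        errs.append("PROXY_* is not valid with SKIP information or VPN")
    if len(proxies) > 1:
        errs.append("only one PROXY_* keyword is allowed per rule")
    for t in sorted(pos.keys() & TUNNELS):
        if not any(pos[s] < pos[t] for s in skip):
            errs.append(t + " must follow a SKIP_VERSION_# keyword")
    for proxy, opts in SUBOPTS.items():
        for o in sorted(pos.keys() & opts):
            if pos.get(proxy, len(kw)) > pos[o]:
                errs.append(o + " must follow " + proxy)
    return errs


if __name__ == "__main__":
    # Constructed sample rule using the placeholder names from the syntax line.
    print(lint_rule('add rule "name_SERVICE" name_ADDRESS DENY LOG SESSION VPN "name_VPN"'))
```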