Belden Hirschmann EAGLE Referenzhandbuch Seite 592
Grafische benutzeroberfläche industrial security router hisecos
Vorschau ausblenden
Andere Handbücher für Hirschmann EAGLE:
- Anwenderhandbuch (50 Seiten) ,
- Anwenderhandbuch (60 Seiten)
Inhaltsverzeichnis
Werbung
Parameter Value
P-7
string
P-8
accept
drop
reject
enforce-modbus
enforce-opc
enforce-iec104
enforce-dnp3
string
P-9
0..32
P-10
3 0 .1 .5
pa c k e t -filt e r l3 m odifyrule
Modifies a rule to the L3 firewall table
Mode: Global Config Mode
Privilege Level: Operator
Format: packet-filter l3 modifyrule <P-1> <P-2> <P-3> <P-4> <P-5> <P-6> <P-7> <P-8>
[description <P-9>] [profile-index <P-10>]
[description]: Rule description/name for the L3 firewall rule
[profile-index]: Profile index of the DPI profile this rule is assigned to depending on enforcer action. Value
0 no profile this rule is assigned to. You cannot assign the rule to an inactive profile if an active enforcer will
mapping to it.
Parameter Value
1..2048
P-1
string
P-2
P-3
string
P-4
string
string
P-5
icmp
P-6
igmp
ipip
tcp
udp
esp
ah
any
P-7
string
accept
P-8
drop
reject
enforce-modbus
enforce-opc
enforce-iec104
enforce-dnp3
string
P-9
P-10
0..32
3 0 .1 .6
pa c k e t -filt e r l3 de lrule
Deletes a rule from L3 rule table
Mode: Global Config Mode
Privilege Level: Operator
Format: packet-filter l3 delrule <P-1>
Parameter Value
1..2048
P-1
3 0 .1 .7
pa c k e t -filt e r l3 e na ble rule
Enables a rule from L3 rule table. A rule can only be activated when all required parameters are set and at least
one interface is mapped to the rule. You cannot activate a rule if an enforcer mappings to an inactive profile.
Mode: Global Config Mode
Privilege Level: Operator
Format: packet-filter l3 enablerule <P-1>
RM CLI EAGLE20/30
Release 04.1 03/2021
Meaning
Parameters for rule (or 'none')
Accept packets
Drop packets without notification
Drop packets and notify source
Accept or drop packets by Modbus TCP/IP enforcer, protocol should be tcp or udp
Accept or drop packets by opc enforcer, protocol should be tcp
Accept or drop packets by IEC104 enforcer, protocol should be tcp
Accept or drop packets by DNP3 enforcer, protocol should be tcp
Rule description/name
Profile index 0 - 32
Meaning
Rule index
Source IP address/CIDR mask/'any'
Source port/port list with comma/port range with hyphen/'any'
Target IP address/CIDR mask/'any'
Target port/port list with comma/port range with hyphen/'any'
Internet Control Message Protocol
Internet Group Management Protocol
IP-within-IP Encapsulation Protocol
Transmission Control Protocol
User Datagram Protocol
Encapsulating Security Protocol
Authentication Header
Any of the above
Parameters for rule (or 'none')
Accept packets
Drop packets without notification
Drop packets and notify source
Accept or drop packets by Modbus TCP/IP enforcer, protocol should be tcp or udp
Accept or drop packets by opc enforcer, protocol should be tcp
Accept or drop packets by IEC104 enforcer, protocol should be tcp
Accept or drop packets by DNP3 enforcer, protocol should be tcp
Rule description/name
Profile index 0 - 32
Meaning
Rule index
Packet Filter
30.1 packet-filter
133
Werbung
Inhaltsverzeichnis
