ZyXEL Communications Internet Security Gateway ZyWALL 2 Series User Manual

ZyWALL 2 Series User’s Guide

Firewall Commands

L-3

Chart L-1 Firewall Commands

FUNCTION

COMMAND

DESCRIPTION

config edit firewall attack block

Set this command to yes to block new traffic after
the tcp-max-incomplete threshold is exceeded. Set
it to no to delete the oldest half-open session when
traffic exceeds the tcp-max-incomplete threshold.

config edit firewall attack block-
minute <0-255>

This command sets the number of minutes for new
sessions to be blocked when the tcp-max-
incomplete threshold is reached. This command is
only valid when block is set to yes.

config edit firewall attack minute-
high <0-255>

This command sets the threshold rate of new half-
open sessions per minute where the ZyWALL starts
deleting old half-opened sessions until it gets them
down to the minute-low threshold.

config edit firewall attack minute-
low <0-255>

This command sets the threshold of half-open
sessions where the ZyWALL stops deleting half-
opened sessions.

config edit firewall attack max-
incomplete-high <0-255>

This command sets the threshold of half-open
sessions where the ZyWALL starts deleting old half-
opened sessions until it gets them down to the max
incomplete low.

config edit firewall attack max-
incomplete-low <0-255>

This command sets the threshold where the
ZyWALL stops deleting half-opened sessions.

config edit firewall attack tcp-
max-incomplete <0-255>

This command sets the threshold of half-open TCP
sessions with the same destination where the
ZyWALL starts dropping half-open sessions to that
destination.

S

S

e

e

t

t

s

s

config edit firewall set
name

This command sets a name to identify a specified
set.