Section 31.3.12 – Westermo RedFox Series User Manual

Westermo OS Management Guide

Version 4.17.0-0

Example

example:/config/ip/firewall/#> show filter
001 filter allow in vlan1 proto icmp
002 filter allow in vlan2 proto icmp
003 filter deny in vlan1 out vlan2 proto icmp
004 filter allow in vlan1 out vlan2
example:/config/ip/firewall/#> passive filter 3
example:/config/ip/firewall/#> show filter
001 filter allow in vlan1 proto icmp
002 filter allow in vlan2 proto icmp
003 filter deny in vlan1 out vlan2 proto icmp passive
004 filter allow in vlan1 out vlan2
example:/config/ip/firewall/#> no passive filter 3
example:/config/ip/firewall/#> show filter
001 filter allow in vlan1 proto icmp
002 filter allow in vlan2 proto icmp
003 filter deny in vlan1 out vlan2 proto icmp
004 filter allow in vlan1 out vlan2

31.3.12

Configuration of firewall logging

This command has two uses, [1] to configure logging (and limit), and [2] to toggle
the log flag on firewall rules.

Syntax 1 [no] log limit ( none | /(second|minute|hour|day) )

Syntax 2 [no] log [filter|nat|port-forward]

Context

Firewall Configuration

context

Usage 1 Enable/disable firewall logging and set rate limitation of firewall log

entries. This is a master control enabling the logging feature.
A rate limit must be provided or “none” to disable limit, i.e. log everything.
The limit is set as a number followed by a slash character “/” and a time
unit. The time unit is one of “second”, “minute”, “hour” or “day”. See

section 31.1.6

for information about how limitation operates.

All firewall logging is disabled by using the command: ”no log”

Use ”show log” to show if firewall logging is enabled or disabled, and the
rate limitation setting.

Note

Besides enabling logging with this command, you also need to enable
logging on individual firewall rules for anything to be logged.

744

➞ 2015 Westermo Teleindustri AB