Amer Networks WLO220T CLI User Manual

COMMAND DESCRIPTIONS
policy
CLI Reference Guide
before
set policy before pol_num1 { ... }
before Specifies the position of the policy before another policy (pol_num) in the access control list (ACL).
Example
The following command creates a new policy with ID number 3 and positions it before the policy
with ID number 2:
set policy id 3 before 2 from trust to untrust any any any permit
Example
The following command permits any kind of traffic from any address in the trust zone to any
address in the untrust zone and maintains a count of all network traffic to which the policy applies:
set policy from trust to untrust any any any permit count
default-permit-all
set policy default-permit-all
default-permit-all Allows access without checking the access control list (ACL) for a matching policy.
Example
The following command creates the default-permit-all policy and marks this policy as a top-talkers candidate:
set policy default-permit-all top-talkers
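Because default-permit-all bypasses the ACL and `before` changes where a policy sits in it, a saved configuration is worth auditing for both. The following Python sketch is an added example, not part of the manual or the vendor's tooling: it parses only the `set policy` forms shown on this page, rebuilds the ACL order, and reports catch-all permits and policies hidden behind them. It assumes the device applies the first matching policy in ACL order; the function names and the sample configuration are constructed for illustration.

```python
import re

# Constructed sample (not from the manual), using only command forms on this page.
SAMPLE_CONFIG = """\
set policy id 1 from trust to untrust any any any permit count
set policy id 2 from untrust to trust any any any deny
set policy id 3 before 2 from untrust to trust any any any permit
set policy default-permit-all
"""

POLICY_RE = re.compile(
    r"^set policy (?:id (?P<id>\d+) )?(?:before (?P<before>\d+) )?"
    r"from (?P<src_zone>\S+) to (?P<dst_zone>\S+) "
    r"(?P<src>\S+) (?P<dst>\S+) (?P<svc>\S+) (?P<action>permit|deny|reject)\b")

def is_any(pol):
    return (pol["src"], pol["dst"], pol["svc"]) == ("any", "any", "any")

def audit(config):
    """Return (policies in ACL order, list of finding strings)."""
    acl, findings = [], []
    for n, line in enumerate(map(str.strip, config.splitlines()), 1):
        if line.startswith("set policy default-permit-all"):
            findings.append(f"line {n}: default-permit-all skips the ACL check")
            continue
        m = POLICY_RE.match(line)
        if not m:
            continue  # command form not covered by this sketch
        pol = m.groupdict()
        # "before N" places the new policy ahead of policy N; otherwise append.
        pos = next((i for i, p in enumerate(acl)
                    if pol["before"] and p["id"] == pol["before"]), len(acl))
        acl.insert(pos, pol)
        if pol["action"] == "permit" and is_any(pol):
            findings.append(f"line {n}: policy {pol['id']} permits any any any "
                            f"from {pol['src_zone']} to {pol['dst_zone']}")
    # Assumption: the first matching policy wins, so a catch-all hides later ones.
    catch_all = {}
    for pol in acl:
        zones = (pol["src_zone"], pol["dst_zone"])
        if zones in catch_all:
            findings.append(f"policy {pol['id']} is never reached: policy "
                            f"{catch_all[zones]} matches all {zones[0]}-to-{zones[1]} first")
        elif is_any(pol):
            catch_all[zones] = pol["id"]
    return acl, findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE_CONFIG)[1]))
```

In the sample, policy 3 is inserted before policy 2, so the deny in policy 2 no longer takes effect for untrust-to-trust traffic under the first-match assumption.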
deny | permit | reject
set policy [ global ] { ... } permit | deny | reject [ ... ]
deny | permit | reject
deny Blocks the service at the firewall. The device drops the packet.
permit Allows the specified service to pass from the source address across the firewall to the destination address.
reject Blocks the service at the firewall. The device drops the packet and sends a TCP reset (RST) segment to the source host for TCP traffic and an ICMP “destination unreachable, port unreachable” message (type 3, code 3) for UDP traffic. For types of traffic other than TCP and UDP, the device drops the packet without notifying the source host, which is also what occurs when the action is “deny”.
Example
The following command:
• Defines a policy from the Trust zone to the Untrust zone.
• Uses any source or destination IP address.