Ip firewall service – Enterasys Networks X-Pedition XSR CLI User Manual
Page 670
Firewall Feature Set Commands
16-126 Configuring Security
Syntax of the “no” Form
The no form of this command sets the default RPC timeout value:
no ip firewall rpc timeout
Default
5 seconds
Mode
Global configuration:
XSR(config)#
Example
The following example resets the Microsoft RPC idle timeout interval to 10 minutes:
XSR(config)#ip firewall rpc microsoft-rpc timeout 6000
ip firewall service
This command defines a service object which reflects an application, its transport protocol (TCP or UDP), protocol type and port number ranges. The XSR supports a number of pre-defined services which can be viewed with show ip firewall user-services. Services can be directly cited in policy objects or you can add your own service. Intrinsic services ANY_TCP and ANY_UDP are available for all TCP or UDP ports.
A service is comprised of a source and destination port range, and protocol. For flexibility, port
ranges can be specified using qualifiers such as eq, lt and gt which are also available for
configuring access lists.
A name for any firewall object must use these alpha-numeric characters only: A-Z (upper or lower case), 0-9, - (dash), or _ (underscore). Also, all firewall object names are case-sensitive.
Syntax
ip firewall service name <source-port-range> <dest-port-range> <protocol>
ip firewall service name {eq <0-65535> | gt <0-65535> | lt <0-65535> | range <0-65535> <0-65535>} {eq <0-65535> | gt <0-65535> | lt <0-65535> | range <0-65535> <0-65535>} {tcp | udp}
Note: The show ip firewall service command displays pre-defined services.
name                  Name of the protocol, not to exceed 16 characters.
eq                    Port range equals number specified.
gt                    Port range is strictly greater than the number specified, and less than or equal to 65535.
lt                    Port range is strictly less than the number specified.
range                 Explicit port range with the start and end ranges specified: <0-65535>
tcp or udp protocol   Transport protocol. The protocol value is case-sensitive.
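Added example (not from the Enterasys manual): a Python check that applies the naming and port-qualifier rules above to ip firewall service lines before they are pushed to a device, resolving each qualifier to an inclusive port range so overly broad services are easy to spot in review. The lower bound of 0 for lt, the rejection of qualifiers that match no ports, and the function names are assumptions.

```python
import re

NAME_RE = re.compile(r"[A-Za-z0-9_-]{1,16}")  # charset and 16-char limit from the manual
PORT_RE = re.compile(r"[0-9]{1,5}")
MAX_PORT = 65535


def _take_ports(tokens):
    """Consume one port qualifier from the token list; return (low, high) inclusive."""
    if not tokens:
        raise ValueError("missing port qualifier")
    qual = tokens.pop(0)
    need = 2 if qual == "range" else 1
    if qual not in ("eq", "gt", "lt", "range") or len(tokens) < need:
        raise ValueError(f"bad port qualifier near {qual!r}")
    nums = [tokens.pop(0) for _ in range(need)]
    if not all(PORT_RE.fullmatch(x) and int(x) <= MAX_PORT for x in nums):
        raise ValueError(f"port outside 0-65535 in {qual} {' '.join(nums)}")
    n = [int(x) for x in nums]
    if qual == "eq":
        low, high = n[0], n[0]
    elif qual == "gt":    # strictly greater, capped at 65535
        low, high = n[0] + 1, MAX_PORT
    elif qual == "lt":    # strictly less; lower bound 0 is an assumption
        low, high = 0, n[0] - 1
    else:                 # range <start> <end>
        low, high = n[0], n[1]
    if low > high:        # e.g. "gt 65535", "lt 0", "range 90 80"
        raise ValueError(f"{qual} {' '.join(nums)} matches no ports")
    return low, high


def parse_service(line):
    """Parse one 'ip firewall service' line into a dict with resolved port ranges."""
    tokens = line.split()
    if tokens[:3] != ["ip", "firewall", "service"] or len(tokens) < 4:
        raise ValueError("not an 'ip firewall service' command")
    name, rest = tokens[3], tokens[4:]
    if not NAME_RE.fullmatch(name):
        raise ValueError(f"invalid object name {name!r}")
    src = _take_ports(rest)   # first qualifier: source port range
    dst = _take_ports(rest)   # second qualifier: destination port range
    if rest not in (["tcp"], ["udp"]):   # protocol keyword is case-sensitive
        raise ValueError(f"expected tcp or udp, got {' '.join(rest)!r}")
    return {"name": name, "src": src, "dst": dst, "proto": rest[0]}
```

For instance, the constructed line ip firewall service web-alt gt 1023 eq 8080 tcp resolves to source ports 1024-65535 and destination port 8080.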