(The page was newly created: "{{Set_lang}} {{#vardefine:headerIcon|spicon-utm}} {{:UTM/CLI/Rule.lang}} {{var | neu--Layoutanpassung | Layoutanpassung | }} </div><div class="new_design"></div>{{TOC2|limit=1}} {{Header|07.2024| * {{#var:neu--Layoutanpassung}} | v11 |{{Menu-UTM|Extras|CLI}} }} <li class="list--element__alert list--element__positiv">{{#var:Paketfilter Umbenennung--Hinweis}}</li> ---- {{Hinweis-box|{{#var:system update rule--Hinweis}} }} {|…")
 
m No edit summary
 
Line 6: Line 6:
{{var | neu--Layoutanpassung
{{var | neu--Layoutanpassung
| Layoutanpassung
| Layoutanpassung
| }}
| Layout adjustments }}


 
</div><div class="new_design"></div>{{TOC2|limit=1}}{{Select_lang}}
</div><div class="new_design"></div>{{TOC2|limit=1}}
{{Header|07.2024|
{{Header|07.2024|
* {{#var:neu--Layoutanpassung}}
* {{#var:neu--Layoutanpassung}}
Line 24: Line 23:


{| class="sptable2 pd5 sortable"
{| class="sptable2 pd5 sortable"
! {{#var:Befehl}} !! class=unsortable| {{#var:Parameter}} !! class=unsortable| {{#var:desc}} !! class=unsortable| {{#var:Beispiel}}
! {{#var:Befehl}} !! class=unsortable| Parameter !! class=unsortable| {{#var:desc}} !! class=unsortable| {{#var:Beispiel}}
|-
|-
| {{h4|rule}} {{h5|rule get}} '''rule''' get
| {{h4|rule}} {{h5|rule get}} '''rule''' get
|
|
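Review bot: in the header row the Parameter column now carries the literal text Parameter, while the other three columns still go through {{#var:Befehl}}, {{#var:desc}} and {{#var:Beispiel}}. If the word is meant to be the same in every language, say so in the edit summary; otherwise keep {{#var:Parameter}} so the whole header row stays translatable in one place.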
Line 33: Line 31:
|-
|-


| rowspan=13 | {{h5|rule new}} rule new
| rowspan="13" | {{h5|rule new}} rule new
|
|
| {{#var:rule new--desc}}
| {{#var:rule new--desc}}
| rowspan=13 | {{code|rule new group "default" src "dmz1-network" dst "internet" service "default-internet" flags [ ACCEPT HIDENAT ] nat_node "external-interface" }}
| rowspan="13" | {{code|rule new group "default" src "dmz1-network" dst "internet" service "default-internet" flags [ ACCEPT HIDENAT ] nat_node "external-interface" }}
|-
|-
| group
| group
Line 66: Line 64:
|-
|-
| route
| route
| {{#var:rule-route--desc}}
| Rule Route
|-
|-
| nat_node
| nat_node
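Review bot: the route row replaces {{#var:rule-route--desc}} with the literal text Rule Route, which only restates the parameter name and can no longer be localized. A reader still cannot tell what value route expects; restore the variable and give it a description of the accepted value.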
Line 75: Line 73:
|-
|-


| rowspan=14 | {{h5|rule set}} rule set
| rowspan="14" | {{h5|rule set}} rule set
|
|
| {{#var:rule set--desc}}
| {{#var:rule set--desc}}
| rowspan=14 | {{code|rule set id "4" pos "1" flags [ ACCEPT HIDENAT ] LOG"  }}
| rowspan="14" | {{code|rule set id "4" pos "1" flags [ ACCEPT HIDENAT ] LOG"  }}
|-
|-
| id
| id
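Review bot: the rule set example still ends in flags [ ACCEPT HIDENAT ] LOG" with LOG outside the bracketed flag list and an unmatched closing quote; the revision only quotes the rowspan value and carries the broken example over. This cell is what users copy into the CLI, so fix it while touching the line, for instance by moving LOG inside the brackets and dropping the stray quote.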
Line 96: Line 94:
|-
|-
| flags
| flags
| {{#var:rule-flags--desc}}
| ACCEPT; REJECT; DROP; LOG; LOG_ALL; STATELESS; RELATED; DISABLED; QOS; HIDENAT; HIDENAT_EXCLUDE; DESTNAT; NETMAP; FULLCONENAT; TRACE
|-
|-
| log
| log
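Review bot: the flags cell swaps {{#var:rule-flags--desc}} for a bare list of fifteen values with no word on what each one does or which may be combined. For a packet filter reference that is the information a reader needs before setting a flag; keep a description next to the list, or at least separate the actions (ACCEPT; REJECT; DROP) from the remaining modifiers.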
Line 111: Line 109:
|-
|-
| route
| route
| {{#var:rule-route--desc}}
| Rule Route
|-
|-
| nat_node
| nat_node
Line 120: Line 118:
|-
|-


| rowspan=2 | {{h5|rule delete}} rule delete
| rowspan="2" | {{h5|rule delete}} rule delete
|
|
| {{#var:rule delete--desc}}
| {{#var:rule delete--desc}}
| rowspan=2 | {{code|rule delete id "4"}}
| rowspan="2" | {{code|rule delete id "4"}}
|-
|-
| id
| id
Line 129: Line 127:
|-
|-


| rowspan=4 | {{h5|rule move}} rule move
| rowspan="4" | {{h5|rule move}} rule move
|
|
| {{#var:rule move--desc}}
| {{#var:rule move--desc}}
| rowspan=4 | {{code|rule move id "4" pos "3" group "default"}}<br>'''{{#var:oder}}'''<br>{{code|rule move id "4" pos "3"}}
| rowspan="4" | {{code|rule move id "4" pos "3" group "default"}}<br>'''{{#var:oder}}'''<br>{{code|rule move id "4" pos "3"}}
|-
|-
| id
| id
Line 143: Line 141:
| {{#var:rule-group--desc}}
| {{#var:rule-group--desc}}
|-
|-


| class=mw8 | {{h4|rule group}} {{h5|rule group get}} '''rule group''' get
| class=mw8 | {{h4|rule group}} {{h5|rule group get}} '''rule group''' get
Line 151: Line 148:
|-
|-


| rowspan=2 | {{h5|rule group new}} rule group new
| rowspan="2" | {{h5|rule group new}} rule group new
|
|
| {{#var:rule group new--desc}}
| {{#var:rule group new--desc}}
| rowspan=2 | {{code|rule group new name "VPN"}}
| rowspan="2" | {{code|rule group new name "VPN"}}
|-
|-
| name  
| name  
Line 160: Line 157:
|-
|-


| rowspan=3 | {{h5|rule group set}} rule group set
| rowspan="3" | {{h5|rule group set}} rule group set
|
|
| {{#var:rule group set--desc}}
| {{#var:rule group set--desc}}
| rowspan=3 | {{code|rule group set id "2" name "SSL-VPN"}}
| rowspan="3" | {{code|rule group set id "2" name "SSL-VPN"}}
|-
|-
| id
| id
Line 172: Line 169:
|-
|-


| class=mw9 rowspan=2 | {{h5|rule group delete}} rule group delete
| class=mw9 rowspan="2" | {{h5|rule group delete}} rule group delete
|
|
| {{#var:rule group delete--desc}}
| {{#var:rule group delete--desc}}
Line 181: Line 178:
|-
|-


| rowspan=3 | {{h5|rule group move}} rule group move
| rowspan="3" | {{h5|rule group move}} rule group move
|
|
| {{#var:rule group move--desc}}
| {{#var:rule group move--desc}}
| rowspan=3 | {{code|rule group move name "VPN" pos "1"}}
| rowspan="3" | {{code|rule group move name "VPN" pos "1"}}
|-
|-
| name  
| name  
Line 200: Line 197:
|-
|-


| rowspan=2 | {{h5|rule timeprofile new}} rule timeprofile new
| rowspan="2" | {{h5|rule timeprofile new}} rule timeprofile new
|
|
| {{#var:rule timeprofile new--desc}}
| {{#var:rule timeprofile new--desc}}
| rowspan=2 | {{code|rule timeprofile new name "{{#var:Werktag}}"}}
| rowspan="2" | {{code|rule timeprofile new name "{{#var:Werktag}}"}}
|-
|-
| name  
| name  
Line 209: Line 206:
|-
|-


| rowspan=5 | {{h5|rule timeprofile set}} rule timeprofile set
| rowspan="5" | {{h5|rule timeprofile set}} rule timeprofile set
|
|
| {{#var:rule timeprofile set--desc}}
| {{#var:rule timeprofile set--desc}}
Line 229: Line 226:
|-
|-


| class=mw9 rowspan=2 | {{h5|rule timeprofile delete}} rule timeprofile delete
| class=mw9 rowspan="2" | {{h5|rule timeprofile delete}} rule timeprofile delete
|
|
| {{#var:rule timeprofile delete--desc}}
| {{#var:rule timeprofile delete--desc}}
Line 245: Line 242:
|-
|-


| rowspan=3 | {{h5|rule implied group get}} rule implied group set
| rowspan="3" | {{h5|rule implied group get}} rule implied group set
|
|
| {{#var:rule implied group set--desc}}
| {{#var:rule implied group set--desc}}
| rowspan=3 | {{code|rule implied group set implied_group "0" active "1"}}
| rowspan="3" | {{code|rule implied group set implied_group "0" active "1"}}
|-
|-
| implied_group
| implied_group
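Review bot: the first cell of this row reads {{h5|rule implied group get}} rule implied group set, so the heading anchor says get while the command documented is set. Quoting the rowspan leaves that untouched; change the anchor to {{h5|rule implied group set}} so the heading and any link to it match the command.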
Line 263: Line 260:
|-
|-


| rowspan=4 | {{h5|rule implied rule get}} rule implied rule set
| rowspan="4" | {{h5|rule implied rule get}} rule implied rule set
|
|
| {{#var:rule implied rule set--desc}}
| {{#var:rule implied rule set--desc}}
| rowspan=4 | {{code|rule implied rule set implied_group "4" implied_rule "9" active "1" }}
| rowspan="4" | {{code|rule implied rule set implied_group "4" implied_rule "9" active "1" }}
|-
|-
| implied_group
| implied_group
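Review bot: the anchor {{h5|rule implied rule get}} sits in the row for rule implied rule set and should read {{h5|rule implied rule set}}. As written, the rendered page shows a get heading directly above the set command, which is easy to misread when the command toggles an implied rule on or off.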
Line 277: Line 274:
| {{#var:rule implied-active--desc}}
| {{#var:rule implied-active--desc}}
|-
|-
|}
|}

Current revision as of 1 August 2024, 16:11

Syntax for the CLI command rule
Last updated: 07.2024
New:
  • Layout adjustments
This article refers to a reseller preview

v11

Access: UTM-IP:Port or UTM-URL:Port
Port as configured under Network / Server settings / Web server
Default port: 11115
e.g.: https://utm.ttt-point.de:11115
Default: https://192.168.175.1:11115
Extras / CLI

  • The port filter was renamed to packet filter in version 12.6, which describes how it works much more accurately.

  • For changes to the packet filter settings to take effect, the command system update rule must be run afterwards!

rule

    rule get
        Description: Lists all packet filter rules
        Example:     rule get

    rule new
        Description: Creates a new port filter rule
        Example:     rule new group "default" src "dmz1-network" dst "internet" service "default-internet" flags [ ACCEPT HIDENAT ] nat_node "external-interface"
        Parameters:
            group        Rule group
            src          Source object
            dst          Destination object
            service      Service or service group
            flags        ACCEPT; REJECT; DROP; LOG; LOG_ALL; STATELESS; RELATED; DISABLED; QOS; HIDENAT; HIDENAT_EXCLUDE; DESTNAT; NETMAP; FULLCONENAT; TRACE
            log          Log frequency
            timeprofile  Time profile
            qos          Quality of Service rule
            comment      Comment on the port filter rule
            route        Rule Route
            nat_node     Network object for the NAT
            nat_service  Service to be used for the NAT

    rule set
        Description: Edits a port filter rule
        Example:     rule set id "4" pos "1" flags [ ACCEPT HIDENAT LOG ]
        Parameters:
            id           ID of the packet filter rule
            group        Rule group
            src          Source object
            dst          Destination object
            service      Service or service group
            flags        ACCEPT; REJECT; DROP; LOG; LOG_ALL; STATELESS; RELATED; DISABLED; QOS; HIDENAT; HIDENAT_EXCLUDE; DESTNAT; NETMAP; FULLCONENAT; TRACE
            log          Log frequency
            timeprofile  Time profile
            qos          Quality of Service rule
            comment      Comment on the port filter rule
            route        Rule Route
            nat_node     Network object for the NAT
            nat_service  Service to be used for the NAT

    rule delete
        Description: Deletes a packet filter rule
        Example:     rule delete id "4"
        Parameters:
            id           ID of the packet filter rule

    rule move
        Description: Changes the position and group of a packet filter rule
        Example:     rule move id "4" pos "3" group "default"
                     or
                     rule move id "4" pos "3"
        Parameters:
            id           ID of the packet filter rule
            pos          Position the rule should have in the rule set
            group        Rule group

rule group

    rule group get
        Description: Lists all packet filter rule groups
        Example:     rule group get

    rule group new
        Description: Creates a new packet filter rule group
        Example:     rule group new name "VPN"
        Parameters:
            name         Name of the packet filter rule group

    rule group set
        Description: Changes the settings of a packet filter rule group
        Example:     rule group set id "2" name "SSL-VPN"
        Parameters:
            id           ID of the packet filter rule group
            name         Name of the packet filter rule group

    rule group delete
        Description: Deletes a packet filter rule group
        Example:     rule group delete id "4"
        Parameters:
            id           ID of the packet filter rule group

    rule group move
        Description: Changes the position of a packet filter rule group relative to the other groups
        Example:     rule group move name "VPN" pos "1"
        Parameters:
            name         Name of the packet filter rule group
            pos          Position the rule should have in the rule set

rule timeprofile

    rule timeprofile get
        Description: Lists all time profiles
        Example:     rule timeprofile get

    rule timeprofile new
        Description: Creates a new time profile
        Example:     rule timeprofile new name "Werktag"
        Parameters:
            name         Name of the time profile

    rule timeprofile set
        Description: Sets up or changes a time profile. Each day must be set up individually.
        Examples:    rule timeprofile set id "3" day "mon" values "8-18"
                     rule timeprofile set id "3" day "tue" values "7-18"
                     rule timeprofile set id "3" day "wed" values "7-19"
        Parameters:
            id           ID of the time profile
            name         Name of the time profile
            day          Day for the time profile (mon; tue; wed; thu; fri; sat; sun)
            values       Value/times of day for the time profile

    rule timeprofile delete
        Description: Deletes a time profile
        Example:     rule timeprofile delete id "4"
        Parameters:
            id           ID of the time profile

rule implied

    rule implied group get
        Description: Lists the implied rule groups
        Example:     rule implied group get

    rule implied group set
        Description: Enables or disables an implied rule group
        Example:     rule implied group set implied_group "0" active "1"
        Parameters:
            implied_group  ID of the implied rule group
            active         Enable: "1", disable: "0"

    rule implied rule get
        Description: Lists all implied rules
        Example:     rule implied rule get

    rule implied rule set
        Description: Enables or disables an implied rule
        Example:     rule implied rule set implied_group "4" implied_rule "9" active "1"
        Parameters:
            implied_group  ID of the implied rule group
            implied_rule   ID of the implied rule
            active         Enable: "1", disable: "0"
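
A pre-flight check for a batch of these commands, as an added example that is not part of the wiki page or of Securepoint's tooling: it flags unmatched quotes, flag names that are not in the list above, flags written outside the bracketed list, and changes that are never activated with system update rule. The function names and the token grammar (quoted values, a space-separated [ ... ] flag list) are assumptions inferred from the examples on this page.

```python
import shlex

# Flag names exactly as listed in the "flags" row of the reference above.
KNOWN_FLAGS = {"ACCEPT", "REJECT", "DROP", "LOG", "LOG_ALL", "STATELESS", "RELATED",
               "DISABLED", "QOS", "HIDENAT", "HIDENAT_EXCLUDE", "DESTNAT", "NETMAP",
               "FULLCONENAT", "TRACE"}
CHANGING = {"new", "set", "delete", "move"}  # sub-commands that alter the rule set

def lint_line(line):
    """Problems in one CLI line; the grammar is assumed from the page's examples."""
    try:
        tokens = shlex.split(line)
    except ValueError as exc:  # an unmatched double quote ends up here
        return [f"unbalanced quoting: {exc}"]
    if "flags" not in tokens:
        return []
    start = tokens.index("flags") + 1
    if tokens[start:start + 1] != ["["] or "]" not in tokens[start:]:
        return ["flags must be followed by a [ ... ] list"]
    end = tokens.index("]", start)
    problems = [f"unknown flag {f}" for f in tokens[start + 1:end] if f not in KNOWN_FLAGS]
    problems += [f"flag {t} outside the [ ... ] list"
                 for t in tokens[:start] + tokens[end + 1:] if t in KNOWN_FLAGS]
    return problems

def lint_script(text):
    """Lint a batch of CLI lines; returns (line_number, problem) tuples."""
    findings, last_change, last_update = [], 0, 0
    for n, raw in enumerate(text.splitlines(), 1):
        line = raw.strip()
        if line == "system update rule":
            last_update = n
        elif line:
            findings += [(n, p) for p in lint_line(line)]
            head = line.split()[:4]
            if head[0] == "rule" and CHANGING & set(head[1:]):
                last_change = n
    if last_change > last_update:  # edits stay inactive until the update command runs
        findings.append((last_change, "change not followed by 'system update rule'"))
    return findings

# Constructed sample batch built from the examples in the reference above.
SAMPLE = '''rule group new name "VPN"
rule new group "default" src "dmz1-network" dst "internet" service "default-internet" flags [ ACCEPT HIDENAT ] nat_node "external-interface"
rule set id "4" pos "1" flags [ ACCEPT HIDENAT ] LOG"
rule set id "4" flags [ ACCEPT HIDNAT ]
system update rule
rule delete id "4"
'''
```

Calling lint_script(SAMPLE) reports line 3 (a rule set line with an unmatched quote), line 4 (a misspelled flag) and line 6 (a delete that is never followed by system update rule).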