CLI Command: Rule

Syntax for the CLI command Rule

Last adaption: 07.2024

New:

Layout adjustments

notempty

This article refers to a Resellerpreview

v11

The port filter was renamed packet filter in version 12.6, which corresponds much better to its mode of operation.

notempty

The command system update rule must be executed for changes to the packet filter settings to take effect!

Command	Parameter	Description	Example
rule rule get rule get		Listing of all packet filter rules	rule get
rule new rule new		Creates a new port filter rule	rule new group "default" src "dmz1-network" dst "internet" service "default-internet" flags [ ACCEPT HIDENAT ] nat_node "external-interface"
	group	Regular group
	src	Source object
	dst	Target object
	service	Service or service group
	flags	ACCEPT; REJECT; DROP; LOG; LOG_ALL; STATELESS; RELATED; DISABLED; QOS; HIDENAT; HIDENAT_EXCLUDE; DESTNAT; NETMAP; FULLCONENAT; TRACE
	log	Log frequency
	timeprofile	Time profile
	qos	Dienstgüteverordnung
	comment	Comment on the port filter rule
	route	Rule Route
	nat_node	Network object for the NAT
	nat_service	Service to be used for the NAT
rule set rule set		Editing a port filter rule	rule set id "4" pos "1" flags [ ACCEPT HIDENAT ] LOG"
	id	Id of the packet filter rule
	group	Regular group
	src	Source object
	dst	Target object
	service	Service or service group
	flags	ACCEPT; REJECT; DROP; LOG; LOG_ALL; STATELESS; RELATED; DISABLED; QOS; HIDENAT; HIDENAT_EXCLUDE; DESTNAT; NETMAP; FULLCONENAT; TRACE
	log	Log frequency
	timeprofile	Time profile
	qos	Dienstgüteverordnung
	comment	Comment on the port filter rule
	route	Rule Route
	nat_node	Network object for the NAT
	nat_service	Service to be used for the NAT
rule delete rule delete		Deletes a packet filter rule	rule delete id "4"
rule delete rule delete	id	Id of the packet filter rule	rule delete id "4"
rule move rule move		Changes the position and group of a packet filter rule	rule move id "4" pos "3" group "default" or rule move id "4" pos "3"
	id	Id of the packet filter rule
	pos	Position where the rule should be in the rulebook
	group	Regular group
rule group rule group get rule group get		Listing of all packet filter rule groups	rule group get
rule group new rule group new		Creates a new packet filter rule group	rule group new name "VPN"
rule group new rule group new	name	Name of the packet filter rule group	rule group new name "VPN"
rule group set rule group set		Changing the settings of a packet filter rule group	rule group set id "2" name "SSL-VPN"
	id	Id of the packet filter rule group
	name	Name of the packet filter rule group
rule group delete rule group delete		Deletes a packet filter rule group	rule group delete id "4"
rule group delete rule group delete	id	Id of the packet filter rule group	rule group delete id "4"
rule group move rule group move		Changes the position of a packet filter rule group in relation to the other groups	rule group move name "VPN" pos "1"
	name	Name of the packet filter rule group
	pos	Position where the rule should be in the rulebook
rule timeprofile rule timeprofile get rule timeprofile get		Listing of all time profiles	rule timeprofile get
rule timeprofile new rule timeprofile new		Creates a new time profile	rule timeprofile new name "Business day"
rule timeprofile new rule timeprofile new	name	Name of the time profile	rule timeprofile new name "Business day"
rule timeprofile set rule timeprofile set		Einrichten oder ändern eines Zeitprofils Jeder Tag muss einzeln eingerichtet werden	rule timeprofile set id "3" day "mon" values "8-18" rule timeprofile set id "3" day "tue" values "7-18" rule timeprofile set id "3" day "wed" values "7-19"
	id	Id of the time profile
	name	Name of the time profile
	day	Day for the time profile (mon; tue; wed; thu; fri; sat; sun)
	values	Value/times for the time profile
rule timeprofile delete rule timeprofile delete		Deletes a time profile	rule timeprofile delete id "4"
rule timeprofile delete rule timeprofile delete	id	Id of the time profile	rule timeprofile delete id "4"
rule implied rule implied group get rule implied group get		List of implicit rule groups	rule implied group get
rule implied group get rule implied group set		Activate or deactivate an implicit rule group	rule implied group set implied_group "0" active "1"
	implied_group	Id of the implicit rule group
	active	Activate: "1", deactivate: "0"
rule implied rule get rule implied rule get		List of all implicit rules	rule implied rule get
rule implied rule get rule implied rule set		Activating or deactivating an implicit rule	rule implied rule set implied_group "4" implied_rule "9" active "1"
	implied_group	Id of the implicit rule group
	implied_rule	Id of the implicit rule
	active	Activate: "1", deactivate: "0"

rule

rule get

rule new

rule set

rule delete

rule move

rule group

rule group get

rule group new

rule group set

rule group delete

rule group move

rule timeprofile

rule timeprofile get

rule timeprofile new

rule timeprofile set

rule timeprofile delete

rule implied

rule implied group get

rule implied group get

rule implied rule get

rule implied rule get