CONFIG FILTER RULE UPDATE

Level

filter,globalfilter,modify

Format

section_line

History

Appears in Netasq 9.0.0
ipstate appears in Netasq 9.0.2
name appears in 2.5.0
srcgeo,dstgeo,srciprep,dstiprep,srchostrep,dsthostrep,srchostrepop,dsthostrepop appear in 3.0.0
enforceipsecforward,enforceipsecreverse appear in 3.5.0
nohasync appears in 4.0.0
proxycache removed in 4.1.0

Cache category clone

filter

Description

Update a filter rule.

Usage

index=<policy idx> type=(filter|nat) ( position=<digit> | name=<string> )
[output=(plain|xml)] (default: plain)
[global=(0|1)] (default: 0)
[state=(on|off)]
[action=(pass|block|deleg|reset|log|decrypt|nat)]
[loglevel=(none|log|minor|major)]
[noconnlog=(""|all|[disk],[syslog],[ipfix])]
[count=(on|off)]
[rate=(""|<tcp>,<udp>,<icmp>,<sctp>,<request>)]
[synproxy=(on|off)]
[settos=(""|<1-254>)]
[qosid=(""|<qid name>)]
[ackqosid=(""|<qid name>)]
[qosfairness=(""|state|user|host)]
[route=(""|<objrouter>|<hostname>|<ipaddr>)]
[inspection=(firewall|ids|ips)]
[antivirus=(on|off)]
[sandboxing=(on|off)]
[antispam=(on|off)]
[ftpfiltering=(on|off)]
[urlfiltering=(""|<0-9>)] (URL policy index)
[mailfiltering=(""|<0-9>)] (Mail policy index)
[sslfiltering=(""|<0-9>)] (SSL policy index)
[fwservice=(""|httpproxy|webportal)]
[webportalexcept=(""|urlgroup[,urlgroup[,urlgroup[,...]]])]
[inbound=(""|sip_udp)]
[schedule=(anytime|<time object>)]
[securityinspection=(""|<0-9>)] (ASQ config index)
[tos=(""|<1-254>)]
[ipstate=(on|off)]
[ipproto=(any|<IP protocol name>)] (for instance, TCP, UDP, ICMP, etc)
[icmptype=(""|<0-255>)] [icmpcode=(""|<0-255>)] [proto=(auto|none|<app protocol name>)] (for instance, HTTP, FTP, etc)
[etherproto=(auto|none|<transport protocol name>)] (for instance, profinet-rt, etc)
[srcuser=(""|any|unknown|[!]<user>|[!]<usergroup>)]
[srcusertype=(""|user|group)]
[srcuserdomain=(""|<domain name>)]
[srcusermethod=(""|plain|spnego|ssl|radius|kerberos|agent-ad|openvpn|ipsec|guest|agent-guard)]
[srctarget=(any|[!]<objectname>[,<objectname>[,<objectname>[,...]]])]
[srcportop=(eq|ne|gt|lt)]
[srcport=(any|<objectservice>[,<objectservice>[,<objectservice>[,...]]])]
[srcif=(any|<interface name>)]
[srcgeo=(<objectgeo[|<objectgeo>[|...]]])]
[srciprep=(<objectiprep[|<objectiprep>[|...]]])]
[srchostrep=(<0-65535>)]
[srchostrepop=(lt|gt)]
[via=(any|sslvpn|httpproxy|ipsec|sslproxy|none)]
[dsttarget=(any|[!]<objectname>[,<objectname>[,<objectname>[,...]]])]
[dstportop=(eq|ne|gt|lt)]
[dstport=(any|<objectservice>[,<objectservice>[,<objectservice>[,...]]])]
[dstif=(any|<interface name>)]
[dstgeo=(<objectgeo[|objectgeo[|...]]])]
[dstiprep=(<objectiprep[|objectiprep[|...]]])]
[dsthostrep=(<0-65535>)]
[dsthostrepop=(lt|gt)]
[natsrctarget=(""|original|<object name>)] (empty value to disable nat on source)
[natsrclb=(none|roundrobin|srchash|connhash|random)]
[natsrcarp=(on|off)]
[natsrcportop=(eq|ne|gt|lt)]
[natsrcport=(original|<objectservice>|<port range>)]
[natsrcportlb=(none|random)]
[natdsttarget=(""|original|<object name>)] (empty value to disable nat on destination)
[natdstlb=(none|roundrobin|srchash|connhash|random)]
[natdstarp=(on|off)]
[natdstportop=(eq|ne|gt|lt)]
[natdstport=(original|<objectservice>|<port range>)]
[natdstportlb=(none|roundrobin|srchash|connhash|random)]
[beforevpn=(on|off)]
[enforceipsecforward=(on|off)]
[enforceipsecreverse=(on|off)]
[comment=<string>]
[rulename=<string>]
[nohasync=(on|off)]