Adding a network packet rule

You can manually add a network packet rule.

You can add only one network packet rule at a time.

To add a network packet rule, execute the following command:

kesl-control -F --add-rule --name <rule name> --action <action> --protocol <protocol> --direction <direction> --remote <remote address> --local <local address> --at <index in a list of network packet rules>

A section containing the new network packet rule settings is added to the Firewall Management task configuration file. If you do not specify a setting in the command, its default value is used.

The --at setting lets you specify the index of the created rule in the list of network packet rules. If the --at setting is not specified or its value is larger than the number of rules in the list, the new rule is added to the end of the list.

Examples:

To create a rule that blocks all incoming and established connections to TCP port 23, execute the following command:

kesl-control --add-rule --name Block_Telnet --action Block --direction in --protocol TCP --local any:23 --remote any

To create a rule that blocks incoming and established connections via TCP port 23 for the Public network zone, execute the following command:

kesl-control --add-rule --name Block_Telnet --action Block --direction in --protocol TCP --local any:23 --remote Public
