You can manually add a network packet rule.
You can add only one network packet rule at a time.
To add a network packet rule, execute the following command:
kesl-control -F --add-rule --name <rule name> --action <action> --protocol <protocol> --direction <direction> --remote <remote address> --local <local address> --at <index in a list of network packet rules>
A section containing the new network packet rule settings is added to the Firewall Management task configuration file. If you do not specify a setting in the command, its default value is used.
The --at setting lets you specify the index of the created rule in the list of network packet rules. If the --at setting is not specified or its value is larger than the number of rules in the list, the new rule is added to the end of the list.
Examples:
To create a rule that blocks all incoming and established connections to TCP port 23, execute the following command:
To create a rule that blocks incoming and established connections via the TCP port 23 for the Public network zone, execute the following command: