firewall command

Use this command to configure the firewall to restrict access from certain addresses and optionally limits access time frame. If no option is specified, the current settings will be displayed.

The following table shows the arguments for the options.

Table 1. firewall command.
The following table is a multi-row three column table consisting of the options and option descriptions.
Option	Description	Values
-bips	Block 1-3 IP addresses (comma separated, CIDR or range)	Valid IP addresses Note IPv4 and IPv6 addresses can use CIDR format to block a range of addresses.
-bmacs	Block 1-3 MAC addresses (comma separated)	Valid MAC addresses Note MAC address filtering works only with specific addresses.
-bbd	Block begin date	Date with format <YYYY-MM-DD>
-bed	Block end date	Date with format <YYYY-MM-DD>
-bbt	Block begin time	Time with format <HH:MM>
-bet	Block end time	Time with format <HH:MM>
-bti	Block 1-3 time intervals (comma separated) e.g., firewall - bti 01:00–02:00,05:05–10:30 will block access during 01:00-02:00 & 05:05-10:30 every day	Time range with format <HH:MM-HH:MM>
-clr	Clear the firewall rule for a given type	ip, mac, datetime, interval, all
The following options are for IP address blocking
-iplp	IP address lockout period in minutes.	Numeric value between 0 and 2880, 0 = never expire
-iplf	Maximum number of login failures before IP address is locked out. Note If this value is not 0, then it must be greater than or equal to <Maximum number of login failures> that is set by <accseccfg -lf>	Numeric value between 0 and 32, 0 = never lock
-ipbl	Show/configure the list of IP addresses being locked out.	del, clrall, show -del: delete an IPv4 or IPv6 address from block list -clrall: clear all blocking IP -show: show all blocking IPs

Example:

· “firewall”: Show all options’ value and IP addresses blocking list.
· “firewall -bips  192.168.1.1,192.168.1.0/24,192.168.1.1-192.168.1.5”: Block the access from multi IPs 
· “firewall -bti 01:00-02:00,05:05-10:30,14:15-20:00”: Block all access during 01:00-02:00,05:05-10:30,14:15-20:00 every day.
· “firewall –clr all”: Clear all rules of “Block List and Time Restriction”.
· “firewall -iplp 60”:Set IP address lockout period to 60 minutes. 
· “firewall -iplf 5”:Set maximum number of login failures to 5 timesi.  
· “firewall -ipbl -del 192.168.100.1”:Delete 192.168.100.1 from IP address blocking list. 
· “firewall –ipbl -del 3fcc:1234::2”:Delete 3fcc:1234::2 from IP address blocking list.  
· “firewall –ipbl –clrall”:  Delete all blocking IP addresses.  
· “firewall –ipbl –show”:    Show all blocking IP addresses.

Give documentation feedback