Cosmetic bug
Since we have default rule 1000000, the visual view of column action should be shifted to the right by a few characters
Or use default instead of 1000000
set firewall ipv6-name 6INSIDE-OUT default-action 'accept' set firewall ipv6-name 6INSIDE-OUT rule 9025 action 'reject' set firewall ipv6-name 6INSIDE-OUT rule 9025 description 'Block outgoing SMTP' set firewall ipv6-name 6INSIDE-OUT rule 9025 destination port '25' set firewall ipv6-name 6INSIDE-OUT rule 9025 log 'enable' set firewall ipv6-name 6INSIDE-OUT rule 9025 protocol 'tcp_udp' set firewall name foo rule 10 action 'drop' set firewall name foo rule 10 destination address '192.0.2.5' set firewall name foo rule 20 action 'drop' set firewall name foo rule 20 destination port '345' set firewall name foo rule 20 protocol 'tcp' set interfaces ethernet eth1 firewall out ipv6-name '6INSIDE-OUT' set interfaces ethernet eth1 firewall in name 'foo'
Show:
[email protected]:~$ show firewall ----------------------------- Rulesets Information ----------------------------- -------------------------------------------------------------------------------- IPv4 Firewall "foo": Active on (eth4,IN) rule action proto packets bytes ---- ------ ----- ------- ----- 10 drop all 0 0 condition - saddr 0.0.0.0/0 daddr 192.0.2.5 20 drop tcp 0 0 condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 foo-20 */ 1000000 drop all 0 0 condition - saddr 0.0.0.0/0 daddr 0.0.0.0/0 -------------------------------------------------------------------------------- IPv6 Firewall "6INSIDE-OUT": Active on (eth1,OUT) rule action proto packets bytes ---- ------ ----- ------- ----- 9025 reject tcp_udp 0 0 condition - saddr ::/0 daddr ::/0 6INSIDE-OUT-9025 */ reject-with icmp6-port-u nreachableLOG enabled 1000000 accept all 0 0 condition - saddr ::/0 daddr ::/0