friends n ip netmask [t]
This command is used to setup the modem's firewall friends list, which is used to block incoming packets from an IP address that is not specifically enabled.
Use this to define a range of IP addresses whose traffic you wish to be accepted by the modem.
| n = 1 to 8 | Friends list number
|
| ip = 0.0.0.0 to 255.255.255.255 | IP address/range to allow
|
| netmask = 0.0.0.0 to 255.255.255.255 | Netmask of addresses to allow
|
| t = 0 | Control access to INPUT
|
| t = 1 | Control access to FORWARDING
|
| t = 2 | Control access to both INPUT and FORWARDING
|
Notes:
- INPUT controls access to the following modem features:
- MODBUS
- PAD
- ULCP
- Remote SSH access
- Remote Telnet access
- Remote Web access
- FORWARDING controls access to:
- Port forwarding configured via firewall
- DMZ feature configured via dmz
- Modem access is verified in ascending order via the OR condition of all entries in the friends list.
- By default, the friends list is disabled and all IP addresses are allowed to access the modem.
Examples:
- Allow only incoming requests from the IP address 1.2.3.4 to access the modem :
cmd friends 1 1.2.3.4 255.255.255.255
- Allow only incoming requests from the 1.2.3.x subnet to access the modem :
cmd friends 2 1.2.3.0 255.255.255.0
- Disable the friends list entry and allow all IP addresses to access the modem (default) :
cmd friends 1 0.0.0.0 0.0.0.0
See also: DMZ, Port Forwarding
Firmware revision 2.0.4.2658