10-01-2020 02:59 PM
I’m assuming this is possible but I’m not sure how to do it.
For example based on the GTAC guide “How to Block Bonjour traffic with Policy via Command Line Interface” I know how to drop this IPv4 traffic.
I would like to add to this existing rule another rule that drops the IPv6 version of this traffic (or, better yet, simply drop all IPv6 traffic) but I can’t seem to find a clear example of adding to existing rules using the CLI.
Is there a guide to this somewhere?
Solved! Go to Solution.
10-02-2020 11:50 AM
Just add the entry to the existing rule
set policy profile 1 name DropIPv6
set policy rule 1 ether 0x86dd mask 16 drop
Where the ‘1’ in both lines is the Policy Profile Index.
Since the policy rules in one profile are evaluated by precedence there is no ‘line number’ whiel adding a rule to a profile
10-02-2020 11:50 AM
Just add the entry to the existing rule
set policy profile 1 name DropIPv6
set policy rule 1 ether 0x86dd mask 16 drop
Where the ‘1’ in both lines is the Policy Profile Index.
Since the policy rules in one profile are evaluated by precedence there is no ‘line number’ whiel adding a rule to a profile