config ssh-filter profile
Description: SSH filter profile.
edit <name>
set block {option1}, {option2}, ...
set log {option1}, {option2}, ...
set default-command-log [enable|disable]
config shell-commands
Description: SSH command filter.
edit <id>
set type [simple|regex]
set pattern {string}
set action [block|allow]
set log [enable|disable]
set alert [enable|disable]
set severity [low|medium|...]
next
end
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
block | SSH blocking options. x11: X server forwarding. shell: SSH shell. exec: SSH execution. port-forward: Port forwarding. tun-forward: Tunnel forwarding. sftp: SFTP. scp: SCP. unknown: Unknown channel. |
option | - |
log | SSH logging options. x11: X server forwarding. shell: SSH shell. exec: SSH execution. port-forward: Port forwarding. tun-forward: Tunnel forwarding. sftp: SFTP. scp: SCP. unknown: Unknown channel. |
option | - |
default-command-log | Enable/disable logging unmatched shell commands. enable: Enable log unmatched shell commands. disable: Disable log unmatched shell commands. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
type | Matching type. simple: Match single command. regex: Match command line using regular expression. |
option | - |
pattern | SSH shell command pattern. | string | Maximum length: 128 |
action | Action to take for URL filter matches. block: Block the SSH shell command. allow: Allow the SSH shell command. |
option | - |
log | Enable/disable logging. enable: Enable logging. disable: Disable logging. |
option | - |
alert | Enable/disable alert. enable: Enable alert. disable: Disable alert. |
option | - |
severity | Log severity. low: Severity low. medium: Severity medium. high: Severity high. critical: Severity critical. |
option | - |
config ssh-filter profile
Description: SSH filter profile.
edit <name>
set block {option1}, {option2}, ...
set log {option1}, {option2}, ...
set default-command-log [enable|disable]
config shell-commands
Description: SSH command filter.
edit <id>
set type [simple|regex]
set pattern {string}
set action [block|allow]
set log [enable|disable]
set alert [enable|disable]
set severity [low|medium|...]
next
end
next
end
Parameter Name | Description | Type | Size |
---|---|---|---|
block | SSH blocking options. x11: X server forwarding. shell: SSH shell. exec: SSH execution. port-forward: Port forwarding. tun-forward: Tunnel forwarding. sftp: SFTP. scp: SCP. unknown: Unknown channel. |
option | - |
log | SSH logging options. x11: X server forwarding. shell: SSH shell. exec: SSH execution. port-forward: Port forwarding. tun-forward: Tunnel forwarding. sftp: SFTP. scp: SCP. unknown: Unknown channel. |
option | - |
default-command-log | Enable/disable logging unmatched shell commands. enable: Enable log unmatched shell commands. disable: Disable log unmatched shell commands. |
option | - |
Parameter Name | Description | Type | Size |
---|---|---|---|
type | Matching type. simple: Match single command. regex: Match command line using regular expression. |
option | - |
pattern | SSH shell command pattern. | string | Maximum length: 128 |
action | Action to take for URL filter matches. block: Block the SSH shell command. allow: Allow the SSH shell command. |
option | - |
log | Enable/disable logging. enable: Enable logging. disable: Disable logging. |
option | - |
alert | Enable/disable alert. enable: Enable alert. disable: Disable alert. |
option | - |
severity | Log severity. low: Severity low. medium: Severity medium. high: Severity high. critical: Severity critical. |
option | - |