I have a number of firewall rules set up on my Vigor 2820 which I wish to enable / disable using the telnet connection. Is this possible? I have been investigating the 'ipf set' command but cannot seem to do anything useful with an existing rule.

What I would like to do is something like the following;-

ipf set 2 rule 5 on

or

ipf set 2 rule 5 off

To activate / deactivate a particular rule on the firewall.

Is anything like this possible without going in via the web interface?

I no longer have a (working) 2820, so don't know if the commands are the same...

I successfully disabled an existing rule on my 2860, as follows :-

Code:

Valhalla> ipf rule 12 7 -e 0 Setting saved. Valhalla>

1st parameter is Filter Set number,
2nd parameter is Rule number,
3rd parameter (0 or 1 ) is disable or enable

(So the example above, disables Rule 7 in Filter Set 12)

Thanks very much @hornbyp, although your suggested syntax didn't work for me.
Trying a variation on your reply I came up with;-

ipf set 12 rule 7 -e 0

which will disable rule 7 of filter set 12.

Then to re-enable you can use;-

ipf set 12 rule 7 -e 1


These commands do exactly what I want - thanks.

Unfortunately I cannot find anywhere that this is documented. Can anyone point to some detailed draytek telnet command documentation which includes this?

smartbloke wrote: Trying a variation on your reply I came up with;-

ipf set 12 rule 7 -e 0

which will disable rule 7 of filter set 12.

That syntax works on the 2860 too!

and he wrote: Unfortunately I cannot find anywhere that this is documented. Can anyone point to some detailed draytek telnet command documentation which includes this?

Draytek sometimes tag the "CLI" stuff onto the end of the manual ... though not in the case of the 2820

There are some documents here: ftp://ftp.draytek.com/CLI%20Doc/ , but I think they pre-date the 2820. I have some others in my possession (where they came from, I have no idea!), but they are too new (one is specifically for the 2860).

Thanks but the documents you linked to contain no reference to the -e flag on the spf set command.

It would be nice to see some complete documentation rather than something that was produced almost 10 years ago and is obviously not complete.

Are these forums watched by Draytek admins? Can anyone else help with decent (complete) CLI documentation?

Hello @smartbloke,

I have this version (V.1.12 May 2016) which should work for all DrayOS routers. I used to use this with my 2820 but not all commands in the guide are supported on all DrayOS routers, so you have to list what commands your router has i.e ? for command help.

https://www.draytek.co.uk/support/downloads/software

Hope this helps

John.

P.S draytek were never very good at user guides :lol: