Negates a command or sets the default for firewall policy commands
no [acl-logging|alg|clamp|dhcp-offer-convert|dns-snoop|firewall|flow|ip|ip-mac| ipv6|ipv6-mac|logging|proxy-arp|proxy-nd|stateful-packet-inspection-l2|storm-control| virtual-defragmentation]
no [acl-logging|dhcp-offer-convert|proxy-arp|proxy-nd|stateful-packet-inspection-l2]
no alg [dns|facetime|ftp|sccp|sip|tftp]
no clamp tcp-mss
no dns-snoop entry-timeout
no firewall enable
no flow dhcp stateful
no flow timeout [icmp|other|udp]
no flow timeout tcp [closed-wait|established|reset|setup|stateless-fin-or-reset| stateless-general]
Print
this page
Email this topic
Feedback
View PDF
Download EPUBno ip dos {ascend|broadcast-multicast-icmp|chargen|fraggle|ftp-bounce|invalid-protocol|
ip-ttl-zero|ipsproof|land|option-route|router-advt|router-solicit|smurf|snork|tcp-bad-sequence|
tcp-fin-scan|tcp-intercept|tcp-null-scan|tcp-post-syn|tcp-sequence-past-window|tcp-xmas-scan|
tcphdrfrag|twinge|udp-short-hdr|winnuke}
no ip tcp [adjust-mss|optimize-unnecessary-resends|recreate-flow-on-out-of-state-syn| validate-icmp-unreachable|validate-rst-ack-number|validate-rst-seq-number]
no ip-mac conflict
no ip-mac routing conflict
no ipv6 [dos|duplicate-options|firewall|option|rewrite-flow-label|routing-type| strict-ext-hdr-check|unknown-options]
no ipv6 dos {hop-limit-zero|multicast-icmpv6|tcp-intercept-mobility}
no ipv6 [duplicate-options|routing-type [one|two]|strict-ext-hdr-check|unknown-options]
no ipv6 option {endpoint-identification|network-service-access-point|router-alert|
strict-hao-opt-alert|strict-padding}
no ipv6 [firewall enable|rewrite-flow-label]
no logging [icmp-all|icmp-packet-drop|verbose|malformed-packet-drop]
no storm-control [arp|broadcast|multicast|unicast] {fe <1-4>|ge <1-8>|log|
port-channel <1-8>|up1|wlan <WLAN-NAME>}
no virtual-defragmentation {maximum-fragments-per-datagram|minimum-first-fragment-length|
maximum-defragmentation-per-host|timeout}
no <PARAMETERS>
|
no <PARAMETERS> |
Removes this firewall policy settings or reverts settings to default value. |
The following example shows the firewall policy 'test' settings before the 'no' command are executed:
nx9500-6C8809(config-fw-policy-testFW)#show context firewall-policy testFW ip dos fraggle drop-only ip dos tcp-sequence-past-window drop-only ip dos tcp-max-incomplete high 600 ip dos tcp-max-incomplete low 60 storm-control broadcast level 20000 ge 4 storm-control arp log warnings ip-mac conflict drop-only ip-mac routing conflict log-and-drop log-level notifications flow timeout icmp 16000 flow timeout udp 10000 flow timeout tcp established 1500 flow timeout other 16000 dhcp-offer-convert ipv6 routing-type two log-and-drop log-level warnings ipv6 dos hop-limit-zero drop-only alg facetime logging icmp-packet-drop rate-limited logging malformed-packet-drop all logging verbose virtual-defragmentation minimum-first-fragment-length 100 virtual-defragmentation maximum-fragments-per-datagram 10 dns-snoop entry-timeout 1200 ipv6-mac routing conflict drop-only nx9500-6C8809(config-fw-policy-testFW)#
nx9500-6C8809nx9500-6C8809(config-fw-policy-testFW)#no ip dos fraggle
nx9500-6C8809(config-fw-policy-testFW)#no storm-control arp log
nx9500-6C8809(config-fw-policy-testFW)#no dhcp-offer-convert
nx9500-6C8809(config-fw-policy-testFW)#no logging malformed-packet-drop
The following example shows the firewall policy 'test' settings after the 'no' commands are executed:
nx9500-6C8809(config-fw-policy-testFW)#show context firewall-policy testFW no ip dos fraggle ip dos tcp-sequence-past-window drop-only ip dos tcp-max-incomplete high 600 ip dos tcp-max-incomplete low 60 storm-control broadcast level 20000 ge 4 storm-control arp log none ip-mac conflict drop-only ip-mac routing conflict log-and-drop log-level notifications flow timeout icmp 16000 flow timeout udp 10000 flow timeout tcp established 1500 flow timeout other 16000 ipv6 routing-type two log-and-drop log-level warnings ipv6 dos hop-limit-zero drop-only alg facetime logging icmp-packet-drop rate-limited logging verbose virtual-defragmentation minimum-first-fragment-length 100 virtual-defragmentation maximum-fragments-per-datagram 10 dns-snoop entry-timeout 1200 ipv6-mac routing conflict drop-only nx9500-6C8809(config-fw-policy-testFW)#