fwaccel dos allow

Adds the specified IP address to the Penalty Box allow-list.

• <IPv4 Address>

  Can be an IPv4 address of a network or a host.

• <Subnet Prefix>

  Must specify the length of the subnet mask in the format /<bits>.

  Optional for a host IPv4 address.

  Mandatory for a network IPv4 address.

  Range - from /1 to /32.

  Important - If you do not specify the subnet prefix explicitly, this command uses the subnet prefix /32.

Examples:

• For a host:

  192.168.20.30

  192.168.20.30/32

• For a network:

  192.168.20.0/24

Removes (flushes) all entries from the Penalty Box allow-list.

Loads the Penalty Box allow-list entries from the plain-text file with a predefined name:

$FWDIR/conf/pbox-allow-list-v4.conf

Security Gateway Dedicated Check Point server that runs Check Point software to inspect traffic and enforce Security Policies for connected network resources. automatically runs this command "fwaccel dos pbox allow -L" during each boot.

Note - To replace the current allow-list with the contents of a new file, use both the "-F" and "-L" parameters on the same command line.

Important:

• This file does not exist by default.

• You must manually create and configure this file with the touch or vi command.

• You must assign at least the read permission to this file with the chmod +x command.

• Each entry in this file must be on a separate line.

• Each entry in this file must be in this format:

  <IPv4 Address>[/<Subnet Prefix>]

• SecureXL ignores empty lines and lines that start with the # character in this file.