Anyway to add rulebase comments (at CLI not PDM) to 6.3 Pix?

peter-net · ‎02-04-2008

Re 6.3 PIX

Cannot see a "Description" type command for this but want to add clarity to the rulebase - also we do not use a PDM to manage - just CLI - thanks

m.sir · ‎02-04-2008

I you are talking about ACL desription you need to use "remark"

fe.

access-list 101 remark --access to outside--

M.

Hope that helps rate if it does

peter-net · ‎02-04-2008

I don't have access to a test firewall until later tonight. However I happen to have an acl 100 that is about 25 lines long. Can you use the "remark" command in the specific line as the actual acl - or would I have to have a remark line preceding each and every one of the 25 constituent lines that comprise acl 100?

For example:

access-list 100 remark --allow tacacs--access-list 100 permit host 10.1.1.1 172.16.1.1 eq tacacs

access-list 100 remark --allow DNS--

access-list 100 permit host 10.9.1.1 172.16.1.1 eq domain

access-list 100 remark --allow other stuff--

access-list 100 permit host 10.9.1.1 192.168.1.1 eq otherstuff

and so on ??

Thanks

m.sir · ‎02-04-2008

I guess you can insert remark to specific line

witch command

access-list 100 line xxx remark ----

You will see lines witch command

show access-list 100

peter-net · ‎02-04-2008

OK will test tonight and post reply - thanks for prompt help

peter-net · ‎02-05-2008

yes all works fine