Create a Post
Showing results for 
Search instead for 
Did you mean: 

CLI Suspicious Activity Monitor for a port?

Does anyone have an example of the syntax to block a port using the fw sam command?

I use  these already.


Block src or dst of

fw sam -v -l long_noalert -J any


block any src/dst for

fw sam -v -l long_noalert -J subany


Cancel a block for a subnet

fw sam -v -C -J subany




My best guess is to block port udp/11211


fw sam -v -J dstpr any udp/11211

I am willing to bet that that is not right..  Anyone blocked a UDP port before?

0 Kudos
4 Replies
This widget could not be displayed.