George Ellis

CLI Suspicious Activity Monitor for a port?

Discussion created by George Ellis on Mar 1, 2018
Latest reply on Mar 22, 2018 by Dameon Welch-Abernathy

Does anyone have an example of the syntax to block a port using the fw sam command?


I use  these already.


Block src or dst of

fw sam -v -l long_noalert -J any


block any src/dst for

fw sam -v -l long_noalert -J subany


Cancel a block for a subnet

fw sam -v -C -J subany




My best guess is to block port udp/11211


fw sam -v -J dstpr any udp/11211


I am willing to bet that that is not right..  Anyone blocked a UDP port before?