config
- system
- security
- [no] cpm-filter
- default-action {accept | drop}
- ip-filter
- entry entry-id [create]
- no entry entry-id
- action {accept | drop}
- no action
- description description-string
- no description
- log log-id
- no log
- match [protocol protocol-id]
- no match
- dscp dscp-name
- no dscp
- dst-ip {ip-address/mask | ip-address ipv4-address-mask | ip-prefix-list prefix-list-name}
- no dst-ip
- dst-port tcp/udp port-number [mask]
- no dst-port
- fragment {true | false}
- no fragment
- icmp-code icmp-code
- no icmp-code
- icmp-type icmp-type
- no icmp-type
- ip-option ip-option-value [ip-option-mask]
- no ip-option
- multiple-option {true | false}
- no multiple-option
- option-present {true | false}
- no option-present
- src-ip {ip-address/mask | ip-address ipv4-address-mask | ip-prefix-list prefix-list-name}
- no src-ip
- src-port tcp/udp port-number [mask]
- no src-port
- tcp-ack {true | false}
- no tcp-ack
- tcp-syn {true | false}
- no tcp-syn
- renum old-entry-id new-entry-id
- [no] shutdown