Dell Brocade 6510 Fabric OS Command Reference v7.1.0 - Page 502
addrule, proto, delrule, transabort, create, clrcounters, showcounters
View all Dell Brocade 6510 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 502 highlights
2 ipFilter EXAMPLES The following arguments are supported with the --addrule option: -sip source_IP Specifies the source IP address. For filters of type IPv4, the address must be a 32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type IPv6, the address must be a 12- bit IPv6 address in any format specified by RFC3513, or a CIDR-style IPv6 prefix. The source IP option is not supported for FORWARD traffic -dp destination_port Specifies the destination port number, a range of port numbers, or a service name. Note that blocking or permitting of ports 1024 and above is not allowed. These ports are used by various applications and services on the switch. -proto protocol Specifies the protocol type, for example, tcp or udp. -act permit | deny Specifies the permit or deny action associated with this rule. Blocking or permitting port 1024 and above is not allowed. Ports numbered 1024 and higher are used by applications for services such as FTP and blocking these ports may cause these applications to behave in unexpected ways. rule rule_number Adds a new rule at the specified rule index number. The rule number must be between 1 and the current maximum rule number plus one. -type INPUT | FWD Specifies the type of traffic that is allowed for the specified IP address. Forwarding rules manage the bidirectional traffic between the external Ethernet interface (eth0/bond0) and the inband management interface (inbd+). INPUT traffic is the default type of traffic for IP filter rules. -dip destination_IP Specifies the destination IP address. For filters of type IPV4, the address must be a 32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type IPv6, the address must be in a 128-bit IPv6 address in any format specified by RFC3513, or a CIDR-style IPv6 prefix. The destination IP option is not be supported for INPUT traffic type. --delrule policyname -rule rule_number Deletes a rule from the specified IP filter policy. Deleting a rule in the specified IP filter policy causes the rules following the deleted rule to shift up in rule order. The change to the specified IP filter policy is not saved to the persistent configuration until it is saved or activated. --transabort A transaction is associated with a CLI or manageability session, which is opened implicitly when you execute the --create, --addrule and --delrule subcommands. The --transabort command explicitly ends the transaction owned by the current CLI or manageability session. If a transaction is not ended, other CLI or manageability sessions are blocked on the subcommands that would open a new transaction. --clrcounters Clears the IP filter counters. This command requires root permissions. --showcounters Displays the IP filter counters. This command requires root permissions. To create an IP filter for a policy with an IPv6 address: switch:admin> ipfilter --create ex1 -type ipv6 474 Fabric OS Command Reference 53-1002746-01