Dell Brocade G620 Brocade 8.0.1 Fabric OS Administratiors Guide - Page 237
Displaying an IP Filter policy, Saving an IP Filter policy, Activating an IP Filter policy, Deleting an IP Filter policy
![]() |
View all Dell Brocade G620 manuals
Add to My Manuals
Save this manual to your list of manuals |
Page 237 highlights
Configuring Security Policies 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM permissions for the IPfilter RBAC class of commands. 2. Enter the ipFilter --clone command. Displaying an IP Filter policy You can display the IP Filter policy content for the specified policy name, or all IP Filter policies if a policy name is not specified. For each IP Filter policy, the policy name, type, persistent state and policy rules are displayed. The policy rules are listed by the rule number in ascending order. There is no pagination stop for multiple screens of information. Pipe the output to the |more command to achieve this. If a temporary buffer exists for an IP Filter policy, the--show subcommand displays the content in the temporary buffer, with the persistent state set to no. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having the O permission for the IPfilter RBAC class of commands. 2. Enter the ipFilter --show command. Saving an IP Filter policy You can save one or all IP Filter policies persistently in the defined configuration. Only the CLI session that owns the updated temporary buffer may run this command. Modification to an active policy cannot be saved without being applied. Hence, the--save subcommand is blocked for the active policies. Use--activate instead. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having the OM permissions for the IPfilter RBAC class of commands. 2. Enter the ipFilter --save command. Activating an IP Filter policy IP Filter policies are not enforced until they are activated. Only one IP Filter policy per IPv4 and IPv6 type can be active. If there is a temporary buffer for the policy, the policy is saved to the defined configuration and activated at the same time. If there is no temporary buffer for the policy, the policy existing in the defined configuration becomes active. The activated policy continues to remain in the defined configuration. The policy to be activated replaces the existing active policy of the same type. Activating the default IP Filter policies returns the IP management interface to its default state. An IP Filter policy without any rule cannot be activated. This subcommand prompts for a user confirmation before proceeding. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM permissions for the IPfilter RBAC class of commands. 2. Enter the ipFilter --activate command. Deleting an IP Filter policy You can delete a specified IP Filter policy. Deleting an IP Filter policy removes it from the temporary buffer. To permanently delete the policy from the persistent database, run ipfilter --save . An active IP Filter policy cannot be deleted. 1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having the OM permissions for the IPfilter RBAC class of commands. 2. Enter the ipFilter --delete command. Brocade Fabric OS Administration Guide, 8.0.1 53-1004111-02 237
![](/manual_guide/products/dell-brocade-g620-brocade-801-fabric-os-administratiors-guide-fdaf46d/237.png)