Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 912

53-1003098-01

Usage Guidelines:

Use this command to deny traffic between networks/hosts based on the protocol type selected in
the access list configuration. The following protocols are supported:

IP

ICMP

host <DEST-HOST-IP>
    Identifies a specific host (as the destination to match) by its IP address. TCP/UDP packets addressed to the specified host are dropped.
    <DEST-HOST-IP> – Specify the destination host's exact IP address in the A.B.C.D format.

<NETWORK-GROUP-ALIAS-NAME>
    This keyword is common to the 'tcp' and 'udp' parameters.
    Applies a network-group alias to identify the destination IP addresses. TCP/UDP packets destined to the addresses identified in the network-group alias are dropped.
    <NETWORK-GROUP-ALIAS-NAME> – Specify the network-group alias name (the alias must already exist and be configured).

range <START-PORT> <END-PORT>
    Specifies a range of source ports.
    <START-PORT> – Specify the first port in the range.
    <END-PORT> – Specify the last port in the range.

eq [<1-65535>|<SERVICE-NAME>|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|sip|smtp|ssh|telnet|tftp|www]
    Identifies a specific destination or protocol port to match.
    <1-65535> – The destination port is designated by its number.
    <SERVICE-NAME> – Specifies the service name.
    bgp – The designated Border Gateway Protocol (BGP) protocol port (179)
    dns – The designated Domain Name System (DNS) protocol port (53)
    ftp – The designated File Transfer Protocol (FTP) protocol port (21)
    ftp-data – The designated FTP data port (20)
    gopher – The designated Gopher protocol port (70)
    https – The designated HTTPS protocol port (443)
    ldap – The designated Lightweight Directory Access Protocol (LDAP) protocol port (389)
    nntp – The designated Network News Transfer Protocol (NNTP) protocol port (119)
    ntp – The designated Network Time Protocol (NTP) protocol port (123)
    pop3 – The designated POP3 protocol port (110)
    sip – The designated Session Initiation Protocol (SIP) protocol port (5060)
    smtp – The designated Simple Mail Transfer Protocol (SMTP) protocol port (25)
    ssh – The designated Secure Shell (SSH) protocol port (22)
    telnet – The designated Telnet protocol port (23)
    tftp – The designated Trivial File Transfer Protocol (TFTP) protocol port (69)
    www – The designated www protocol port (80)

range <START-PORT> <END-PORT>
    Specifies a range of destination ports.
    <START-PORT> – Specify the first port in the range.
    <END-PORT> – Specify the last port in the range.

log
    Logs all deny events matching this entry. If a source and/or destination IP address or port is matched (i.e. a TCP/UDP packet is received from a specified IP address and/or is destined for a specified IP address), an event is logged.

rule-precedence <1-5000>
rule-description <LINE>
    The following keywords are recursive and common to all of the above:
    rule-precedence – Assigns a precedence for this deny rule.
    <1-5000> – Specify a value from 1 - 5000.
    The lower the precedence value, the higher the priority. A rule with precedence 3 gets priority over a rule with precedence 10.
    rule-description – Optional. Configures a description for this deny rule. Provide a description that uniquely identifies the purpose of this rule (should not exceed 128 characters in length).
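The following is an added example, not code from the guide or from the controller firmware: a small Python model of how a deny entry's destination keywords (host, network-group alias, eq with a service name or port number, port range) select a TCP/UDP packet, and how rule-precedence decides which of several matching entries wins. The service-to-port table and the 1-5000 / 128-character limits are taken from the page; the DenyRule structure, the packet fields, the alias name $MGMT-HOSTS and its members, and the sample rule set are constructed assumptions, and the controller's own evaluation of overlapping entries beyond precedence ordering is not described on this page.

```python
from dataclasses import dataclass
from typing import Optional, Tuple, List

# Service keywords accepted after 'eq' and the port number the guide assigns to each.
SERVICE_PORTS = {
    "bgp": 179, "dns": 53, "ftp": 21, "ftp-data": 20, "gopher": 70,
    "https": 443, "ldap": 389, "nntp": 119, "ntp": 123, "pop3": 110,
    "sip": 5060, "smtp": 25, "ssh": 22, "telnet": 23, "tftp": 69, "www": 80,
}

# Constructed network-group alias table: the alias name and its members are
# assumptions standing in for aliases an administrator would have configured.
NETWORK_GROUP_ALIASES = {
    "$MGMT-HOSTS": {"10.0.0.10", "10.0.0.11"},
}


def port_to_number(value: str) -> int:
    """Resolve an 'eq' argument: either a service keyword or a literal <1-65535>."""
    if value in SERVICE_PORTS:
        return SERVICE_PORTS[value]
    number = int(value)
    if not 1 <= number <= 65535:
        raise ValueError(f"port {number} is outside 1-65535")
    return number


@dataclass
class DenyRule:
    """One deny entry; field names mirror the guide's keywords, the class is constructed."""
    precedence: int                               # rule-precedence <1-5000>, lower value wins
    protocol: str                                 # 'tcp' or 'udp'
    dest_host: Optional[str] = None               # host <DEST-HOST-IP>
    dest_alias: Optional[str] = None              # <NETWORK-GROUP-ALIAS-NAME>
    src_range: Optional[Tuple[int, int]] = None   # range <START-PORT> <END-PORT> (source)
    dest_eq: Optional[str] = None                 # eq <1-65535>|<service keyword>
    dest_range: Optional[Tuple[int, int]] = None  # range <START-PORT> <END-PORT> (destination)
    log: bool = False                             # log
    description: str = ""                         # rule-description <LINE>

    def __post_init__(self) -> None:
        # Enforce the limits the guide states for the recursive keywords.
        if not 1 <= self.precedence <= 5000:
            raise ValueError("rule-precedence must be 1-5000")
        if len(self.description) > 128:
            raise ValueError("rule-description must not exceed 128 characters")
        if self.dest_alias is not None and self.dest_alias not in NETWORK_GROUP_ALIASES:
            raise ValueError(f"network-group alias {self.dest_alias!r} is not configured")

    def matches(self, protocol: str, dst_ip: str, src_port: int, dst_port: int) -> bool:
        """True when every keyword present on this entry is satisfied by the packet."""
        if self.protocol != protocol:
            return False
        if self.dest_host is not None and dst_ip != self.dest_host:
            return False
        if self.dest_alias is not None and dst_ip not in NETWORK_GROUP_ALIASES[self.dest_alias]:
            return False
        if self.src_range is not None and not self.src_range[0] <= src_port <= self.src_range[1]:
            return False
        if self.dest_eq is not None and dst_port != port_to_number(self.dest_eq):
            return False
        if self.dest_range is not None and not self.dest_range[0] <= dst_port <= self.dest_range[1]:
            return False
        return True


def first_matching_deny(rules: List[DenyRule], protocol: str, dst_ip: str,
                        src_port: int, dst_port: int) -> Optional[DenyRule]:
    """Evaluate entries from the lowest precedence value upward; return the first hit."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        if rule.matches(protocol, dst_ip, src_port, dst_port):
            return rule
    return None


# Constructed rule set for the walkthrough; entries 10 and 3 both cover telnet to 10.0.0.10.
RULES = [
    DenyRule(10, "tcp", dest_host="10.0.0.10", dest_eq="telnet", log=True,
             description="drop telnet to the primary management host"),
    DenyRule(3, "tcp", dest_alias="$MGMT-HOSTS", dest_range=(20, 23),
             description="drop ftp/ssh/telnet range to all management hosts"),
    DenyRule(50, "udp", dest_host="10.0.0.20", dest_eq="69",
             description="drop tftp to the file server"),
]


def describe_verdict(protocol: str, dst_ip: str, src_port: int, dst_port: int) -> str:
    """Human-readable result, including whether the winning entry would log the event."""
    rule = first_matching_deny(RULES, protocol, dst_ip, src_port, dst_port)
    if rule is None:
        return "no deny entry matched"
    logged = " (event logged)" if rule.log else ""
    return f"denied by precedence {rule.precedence}: {rule.description}{logged}"


if __name__ == "__main__":
    print(describe_verdict("tcp", "10.0.0.10", 40000, 23))
    print(describe_verdict("udp", "10.0.0.20", 40000, 69))
    print(describe_verdict("tcp", "10.0.0.20", 40000, 80))
```

The telnet packet to 10.0.0.10 matches both the precedence-10 entry (host plus eq telnet) and the precedence-3 entry (alias plus destination range 20-23); as the guide states, the entry with precedence 3 takes priority, which also means the log keyword on the precedence-10 entry never fires for that traffic. That is the kind of overlap worth checking before relying on a deny entry's log events for detection.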
