Brocade Mobility RFS Controller System Reference Guide (Supporting software release 5.5.0.0 and later) User Manual


53-1003099-01


Precedence

Specify or modify a precedence for this IP policy between 1-5000. Rules with lower precedence values are
always applied to packets first. If a rule's precedence is changed to a higher integer, the rule moves down the
table to reflect its lower priority.

Action

Every IP Firewall rule is made up of matching criteria rules. The action defines the packet’s disposition if it
matches the specified criteria. The following actions are supported:
Deny - Instructs the Firewall to restrict a packet from proceeding to its destination.
Permit - Instructs the Firewall to allow a packet to proceed to its destination.

Source

Select the source IP address used as basic matching criteria for this IP ACL rule.

Destination Name

Determine whether filtered packet destinations for this IP firewall rule do not require any classification
(any), are designated as a set of configurations consisting of protocol and port mappings (an alias), set as
a numeric IP address (host) or defined as network IP and mask. Selecting alias requires a destination
network group alias be available or created.

Network Service Alias

The service alias is a set of configurations consisting of protocol and port mappings. Both source and
destination ports are configurable. Set an alphanumeric service alias (beginning with a $) and include the
protocol as relevant. Selecting either tcp or udp displays an additional set of specific TCP/UDP source and
destination port options.

Source Port

If using either tcp or udp as the protocol, define whether the source port for incoming IP ACL rule
application is any, equals or an administrator defined range. If not using tcp or udp, this setting displays
as N/A. This is the data local origination port designated by the administrator. Selecting equals invokes a
spinner control for setting a single numeric port. Selecting range displays spinner controls for Low and
High numeric range settings.

Destination Port

If using either tcp or udp as the protocol, define whether the destination port for outgoing IP ACL rule
application is any, equals or an administrator defined range. If not using tcp or udp, this setting displays
as N/A. This is the data destination port designated by the administrator. Selecting equals invokes a
spinner control for setting a single numeric port. Selecting range displays spinner controls for Low and
High numeric range settings.

ICMP Type

Selecting ICMP as the protocol for the IP rule displays an additional set of ICMP specific options for ICMP
type and code. The Internet Control Message Protocol (ICMP) uses messages identified by numeric type.
ICMP messages are used for packet flow control or generated in IP error responses. ICMP errors are
directed to the source IP address of the originating packet. Assign an ICMP type from 1-10.
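
The fields above combine into an ordered match, which the following added example models in Python (it is not Brocade code or controller CLI syntax). It assumes evaluation stops at the first matching rule, a fall-through of deny, and an "any" protocol wildcard, none of which this page states; source-port matching is left out, and the policy and packet are constructed using documentation address ranges.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional, Tuple

@dataclass
class Rule:
    precedence: int                  # 1-5000; lower values are applied first
    action: str                      # "deny" or "permit"
    protocol: str                    # "tcp", "udp", "icmp" or "any" (model assumption)
    source: str = "any"              # "any" or a network in CIDR form
    destination: str = "any"
    dst_port: Optional[Tuple[int, int]] = None  # None=any, (n, n)=equals, (low, high)=range
    icmp_type: Optional[int] = None  # None = any ICMP type

    def __post_init__(self):
        if not 1 <= self.precedence <= 5000:
            raise ValueError("precedence must be between 1 and 5000")
        if self.dst_port and self.protocol not in ("tcp", "udp"):
            raise ValueError("ports are N/A unless the protocol is tcp or udp")

def _addr_ok(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def matches(rule, pkt):
    if rule.protocol not in ("any", pkt["protocol"]):
        return False
    if not (_addr_ok(rule.source, pkt["src"]) and _addr_ok(rule.destination, pkt["dst"])):
        return False
    if rule.dst_port and not rule.dst_port[0] <= pkt.get("dst_port", -1) <= rule.dst_port[1]:
        return False
    return rule.icmp_type is None or rule.icmp_type == pkt.get("icmp_type")

def evaluate(rules, pkt, default="deny"):
    """Return (action, precedence) of the first rule that matches, lowest precedence first."""
    for rule in sorted(rules, key=lambda r: r.precedence):
        if matches(rule, pkt):
            return rule.action, rule.precedence
    return default, None             # assumed fall-through; the page does not state one

# Constructed sample policy and packet (documentation address ranges).
POLICY = [
    Rule(20, "deny", "tcp", destination="192.0.2.10/32", dst_port=(22, 22)),
    Rule(10, "permit", "tcp", source="198.51.100.0/24", dst_port=(1, 1024)),
    Rule(30, "permit", "icmp", icmp_type=8),
]
SSH = {"protocol": "tcp", "src": "198.51.100.7", "dst": "192.0.2.10", "dst_port": 22}

if __name__ == "__main__":
    print(evaluate(POLICY, SSH))     # broad permit at 10 shadows the deny at 20
    POLICY[0].precedence = 5         # move the deny ahead of the permit
    print(evaluate(POLICY, SSH))
```

In this model the specific deny only takes effect once its precedence value is lower than that of the broader permit, which is the ordering to check when reviewing a rule table.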
