Brocade Network OS NETCONF Operations Guide v4.1.1 User Manual
53-1003231-02
IP ACL
<dport>eq</dport>
<dport-number-eq-neq-tcp>23</dport-number-eq-neq-tcp>
</seq>
<seq>
<seq-id>7</seq-id>
<action>deny</action>
<protocol-type>tcp</protocol-type>
<src-host-any-sip>any</src-host-any-sip>
<dst-host-any-dip>any</dst-host-any-dip>
<dport>eq</dport>
<dport-number-eq-neq-tcp>80</dport-number-eq-neq-tcp>
</seq>
<seq>
<seq-id>10</seq-id>
<action>deny</action>
<protocol-type>udp</protocol-type>
<src-host-any-sip>any</src-host-any-sip>
<dst-host-any-dip>any</dst-host-any-dip>
<dport>range</dport>
<dport-number-range-lower-udp>10</dport-number-range-lower-udp>
<dport-number-range-higher-udp>25</dport-number-range-higher-udp>
</seq>
</extended>
</access-list>
</ip>
</ip-acl>
</config>
</edit-config>
</rpc>
<rpc-reply message-id="2409" xmlns="urn:ietf:params:xml:ns:netconf:base:1.0">
<ok/>
</rpc-reply>
Applying an IP or IPv6 ACL to a management interface
NOTE
Applying a permit or deny UDP ACL to the management interface enacts an implicit deny for TCP and
vice versa.
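The following pre-flight check is an added example, not part of the Brocade guide. It parses an extended ACL fragment that uses the element names from the example above and reports the two conditions that matter before the ACL is bound to a management interface: malformed XML, and an ACL that carries rules for only one of TCP or UDP. The sample ACL, the function names, and the reading of the NOTE (rules for one protocol only means the other is implicitly denied) are assumptions made for this example.

```python
import xml.etree.ElementTree as ET

# Constructed sample: an <extended> ACL fragment using the element names shown
# in the example above; no namespace, values are illustrative only.
SAMPLE_ACL = """
<extended>
  <seq><seq-id>5</seq-id><action>permit</action><protocol-type>udp</protocol-type>
    <dport>range</dport>
    <dport-number-range-lower-udp>161</dport-number-range-lower-udp>
    <dport-number-range-higher-udp>162</dport-number-range-higher-udp></seq>
  <seq><seq-id>10</seq-id><action>deny</action><protocol-type>udp</protocol-type></seq>
</extended>
"""

def local(tag):
    """Strip any '{namespace}' prefix so the check works with or without xmlns."""
    return tag.rsplit("}", 1)[-1]

def parse_rules(acl_xml):
    """Return sorted (seq-id, action, protocol) tuples; raises ParseError on broken XML."""
    root = ET.fromstring(acl_xml)
    rules = []
    for seq in (e for e in root.iter() if local(e.tag) == "seq"):
        fields = {local(c.tag): (c.text or "").strip() for c in seq}
        rules.append((int(fields["seq-id"]), fields["action"], fields["protocol-type"]))
    return sorted(rules)

def mgmt_acl_warnings(acl_xml):
    """List conditions to resolve before applying the ACL to a management interface."""
    try:
        rules = parse_rules(acl_xml)
    except ET.ParseError as exc:
        # Catches mismatched or unclosed tags before the payload is sent.
        return [f"malformed XML: {exc}"]
    protos = {proto for _, _, proto in rules}
    warnings = []
    # Assumed reading of the NOTE: rules for one protocol only deny the other.
    for seen, other in (("udp", "tcp"), ("tcp", "udp")):
        if seen in protos and other not in protos:
            warnings.append(f"ACL has {seen} rules but no {other} rules: "
                            f"{other} is implicitly denied on the management interface")
    return warnings

if __name__ == "__main__":
    for w in mgmt_acl_warnings(SAMPLE_ACL):
        print("WARNING:", w)
```

A warning about implicitly denied TCP is worth resolving before the ACL is applied, since management sessions to the switch that run over TCP would be affected.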
To apply the IP ACLs to a management interface, perform the following steps.
1. Issue the <edit-config> RPC to configure the <interface> node in the
urn:brocade.com:mgmt:brocade-interface namespace.
2. Under the <interface> node, include the <management> node element to configure the
management interface.
3. Under the <management> node, include the <name> node and specify the name of the
management interface in rbridge-id/port format.
4. Under the <management> node, include either the <ip> node element or the <ipv6> node
element.