Dell POWEREDGE M1000E User Manual

Fabric OS Command Reference

429

53-1001764-02

ipfilter

2

case. The policy type identifies the policy as an IPv4 or IPv6 filter. You can
create a maximum of eight IP filter policies.

--

create policyname -type ipv4 | ipv6

Creates an IP filter policy with the specified name and type. The policy
created is stored in a temporary buffer and is lost if the policy is not saved to
the persistent configuration.

--

clone policyname -from src_policyname

Creates a replica of an existing IP filter policy. The cloned policy is stored in a
temporary buffer and has the same rules as the original policy.

--

show [policyname]

Displays the IP filter policy content for the specified policy name or all IP filter
policies if policyname is not specified. For each IP filter policy, the policy
name, type, persistent state, and policy rules are displayed. The policy rules
are listed by the rule number in ascending order.

Command output displays without pagination. Use command | more to
display the output with page breaks. If a temporary buffer exists for an IP filter
policy, the --show operand displays the content in the temporary buffer, with
the persistent state set to modified defined or modified active.

--

save [policyname]

Saves one or all IP filter policies persistently as the defined configuration.
This operand is optional. If a policy name is specified, only the specified IP
filter policy in the temporary buffer is saved; otherwise, all IP filter policies in
the temporary buffer is saved. Only the CLI session that owns the updated
temporary buffer can run this command. Modification to an active policy
cannot be saved without being applied. Therefore, --save is blocked for the
active policies; instead use --activate.

--

activate policyname

Activates the specified IP filter policy. IP filter policies are not enforced until
they are activated. Only one IP filter policy per IPv4 and IPv6 type can be
active. If there is a temporary buffer for the policy, the policy is saved to the
defined configuration and activated at the same time. If there is no temporary
buffer for the policy, the policy existing in the defined configuration becomes
active. The policy to be activated replaces the existing active policy of the
same type. Activating the default IP filter policies returns the IP management
interface to its default state. An IP filter policy without any rule cannot be
activated. This operand prompts for confirmation before proceeding.

--

delete policyname

Deletes the specified IP filter policy. Deleting an IP filter policy removes it from
the temporary buffer. To permanently delete the policy from the persistent
database, issue ipfilter --save. An active IP filter policy cannot be deleted.

--

addrule policyname

Adds a new rule to the specified IP filter policy. The change made to the
specified IP filter policy is not saved to the persistent configuration until saved
or activated.