Dell POWEREDGE M1000E User Manual

Page 462


Fabric OS Command Reference

53-1001764-02

ipfilter


The following arguments are supported with the --addrule option:

-sip

Specifies the source IP address. For filters of type IPv4, the address must be
a 32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type
IPv6, the address must be a 128-bit IPv6 address in any format specified by
RFC, or a CIDR-style IPv6 prefix.

-dp

Specifies the destination port number, a range of port numbers, or a service
name.

-proto

Specifies the protocol type, for example tcp or udp.

-act

Specifies the permit or deny action associated with this rule.

-rule rule_number

Adds a new rule at the specified rule index number. The rule number must be
between 1 and the current maximum rule number plus one.

--delrule policyname -rule rule_number

Deletes a rule from the specified IP filter policy. Deleting a rule in the
specified IP filter policy causes the rules following the deleted rule to shift up
in rule order. The change to the specified IP filter policy is not saved to the
persistent configuration until it is saved or activated.

--transabort

A transaction is associated with a CLI or manageability session. It is opened
implicitly when running the --create, --addrule and --delrule
subcommands. --transabort explicitly ends the transaction owned by the
current CLI or manageability session. If a transaction is not ended, other CLI
or manageability sessions are blocked on the subcommands that would open
a new transaction.

Examples

To create an IP filter for a policy with an IPv6 address:

switch:admin> ipfilter --create ex1 -type ipv6

To add a new rule to the policy and specify the source IP address, destination port, and protocol,
and to permit the rule:

switch:admin> ipfilter --addrule ex1 -sip fec0:60:69bc:60:260:69ff:fe80:d4a -dp 23 \
    -proto tcp -act permit

To display all existing IP filter policies:

switch:admin> ipfilter --show

Name: default_ipv4, Type: ipv4, State: active
Rule    Source IP        Protocol   Dest Port    Action
1       any              tcp        22           permit
2       any              tcp        23           permit
3       any              tcp        897          permit
4       any              tcp        898          permit
5       any              tcp        111          permit
6       any              tcp        80           permit
7       any              tcp        443          permit
8       any              udp        161          permit
9       any              udp        111          permit
10      any              udp        123          permit
11      any              tcp        600 - 1023   permit
12      any              udp        600 - 1023   permit
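The following Python script is an added example, not part of the manual. It parses saved `ipfilter --show` output in the layout shown above and reports rules that permit cleartext management services from any source. The sample text is constructed from the listing above; the function names, the `CLEARTEXT` table and the assumption that the Dest Port column is numeric are this example's own.

```python
import re

# Constructed sample: a subset of the default_ipv4 listing shown above.
SAMPLE = """\
Name: default_ipv4, Type: ipv4, State: active
Rule    Source IP        Protocol   Dest Port   Action
1       any              tcp        22          permit
2       any              tcp        23          permit
6       any              tcp        80          permit
7       any              tcp        443         permit
11      any              tcp        600 - 1023  permit
"""

# Assumption of this example: ports treated as unencrypted management services.
CLEARTEXT = {("tcp", 23): "telnet", ("tcp", 80): "http"}

HEADER = re.compile(r"Name:\s*(\S+),\s*Type:\s*(\S+),\s*State:\s*(.+)")
# Rule row: index, source, protocol, port or "low - high" range, action.
RULE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(tcp|udp)\s+(\d+)(?:\s*-\s*(\d+))?\s+(permit|deny)\s*$")

def parse_policies(text):
    """Return {policy_name: {"type", "state", "rules"}} parsed from --show output."""
    policies, current = {}, None
    for line in text.splitlines():
        if m := HEADER.match(line.strip()):
            current = policies.setdefault(
                m[1], {"type": m[2], "state": m[3].strip(), "rules": []})
        elif current is not None and (m := RULE.match(line)):
            low = int(m[4])
            current["rules"].append({
                "index": int(m[1]), "sip": m[2], "proto": m[3],
                "ports": (low, int(m[5] or low)), "action": m[6]})
    return policies

def audit(policies):
    """Return (policy, rule index, service) for cleartext services open to any source."""
    findings = []
    for name, policy in policies.items():
        for rule in policy["rules"]:
            if rule["action"] != "permit" or rule["sip"] != "any":
                continue
            for (proto, port), service in CLEARTEXT.items():
                low, high = rule["ports"]
                if rule["proto"] == proto and low <= port <= high:
                    findings.append((name, rule["index"], service))
    return findings

if __name__ == "__main__":
    for finding in audit(parse_policies(SAMPLE)):
        print(finding)
```

The rule index in each finding is the value `--delrule` expects; because deleting a rule shifts later rules up, re-run `--show` before acting on a second finding.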
