Table 33, Table 34 – Dell POWEREDGE M1000E User Manual

156

Fabric OS Administrator’s Guide

53-1001763-02

IP Filter policy

7

TCP and UDP protocols are valid selections. Fabric OS v6.2.0 and later does not support
configuration to filter other protocols. Implicitly, ICMP type 0 and type 8 packets are always allowed
to support ICMP echo request and reply on commands like ping and traceroute. For the action, only
“permit” and “deny” are valid.

For every IP Filter policy, the two rules listed in

Table 33

are always assumed to be appended

implicitly to the end of the policy. This ensures that TCP and UDP traffic to dynamic port ranges is
allowed, so that management IP traffic initiated from a switch, such as syslog, radius and ftp, is not
affected.

A switch with Fabric OS v6.2.0 or later will have a default IP Filter policy for IPv4 and IPv6. The
default IP Filter policy cannot be deleted or changed. When an alternative IP Filter policy is
activated, the default IP Filter policy becomes deactivated.

Table 34

lists the rules of the default IP

Filter policy.

snmp

161

ssh

22

sunrpc

111

telnet

23

www

80

TABLE 33

Implicit IP Filter rules

Source address

Destination port

Protocol

Action

Any

1024-65535

TCP

Permit

Any 1024-65535

UDP

Permit

TABLE 34

Default IP policy rules

Rule number

Source address

Destination port

Protocol

Action

1

Any

22

TCP

Permit

2

Any

23

TCP

Permit

3

Any

897

TCP

Permit

4

Any

898

TCP

Permit

5

Any

111

TCP

Permit

6

Any

80

TCP

Permit

7

Any

443

TCP

Permit

9

Any

161

UDP

Permit

10

Any

111

UDP

Permit

11

Any

123

UDP

Permit

12

Any

600-1023

UDP

Permit

TABLE 32

Supported services (Continued)

Service name

Port number