HP StorageWorks Fabric OS 5.3.x administrator guide (5697-0244, November 2009)

138 Configuring advanced security
Deleting an IP Filter policy
You can delete a specified IP Filter policy. Deleting an IP Filter policy removes it from the temporary
buffer. To permanently delete the policy from the persistent database, run ipfilter --save. An active IP
Filter policy cannot be deleted.
To delete an IP Filter policy:
1. Log in to the switch as admin.
2. Type the following command:
ipfilter --delete <policyname>
where <policyname> is the name of the policy.
3. To permanently delete the policy, type the following command:
ipfilter --save
IP Filter policy rules
An IP Filter policy consists of a set of rules. Each rule has an index number identifying the rule. There can
be a maximum of 256 rules within an IP Filter policy.
Each rule contains the following elements:
Source Address: A source IP address or a group prefix.
Destination Port: The destination port number or name, such as Telnet, SSH, HTTP, or HTTPS.
Protocol: The protocol type. Supported types are TCP or UDP.
Action: The filtering action taken by this rule, Permit or Deny.
For an IPv4 filter policy, the source address has to be a 32-bit IPv4 address in dot decimal notation. The
group prefix has to be a CIDR block prefix representation. For example, 208.130.32.0/24 represents a
24-bit IPv4 prefix starting from the most significant bit. The special prefix 0.0.0.0/0 matches any IPv4
address. In addition, the keyword any is supported to represent any IPv4 address.
For an IPv6 filter policy, the source address has to be a 128-bit IPv6 address, in a format acceptable in RFC
3513. The group prefix has to be a CIDR block prefix representation. For example, 12AB:0:0:CD30::/64
represents a 64-bit IPv6 prefix starting from the most significant bit. In addition, the keyword any is
supported to represent any IPv6 address.
For the destination port, a single port number or a port number range can be specified. According to
IANA (http://www.iana.org), ports 0 to 1023 are well-known port numbers, ports 1024 to 49151 are
registered port numbers, and ports 49152 to 65535 are dynamic or private port numbers. Well-known and
registered ports are normally used by servers to accept connections, while dynamic port numbers are used
by clients.
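The rule model described above (source address or CIDR group prefix with the any keyword, a destination port or port range, TCP or UDP, Permit or Deny, at most 256 indexed rules) can be exercised with a small matcher. The following is an added example written for this page, not code from the Fabric OS guide or from the switch firmware. Two behaviours are assumptions that this page does not state: rules are evaluated in ascending index order with the first match winning, and a connection that matches no rule is denied. The addresses in the sample policy are constructed values (the 208.130.32.0/24 prefix is the guide's own illustration).

```python
"""Toy model of Fabric OS IP Filter policy rules (added example, not the guide's code).

Rule fields follow the guide's description: source address or CIDR prefix (or 'any'),
destination port or port range, protocol tcp|udp, action permit|deny.
Assumed, not stated on the page: first match in ascending index order wins, and a
connection that matches no rule is denied.
"""
import ipaddress
from dataclasses import dataclass
from typing import Union

MAX_RULES = 256  # the guide: at most 256 rules in one IP Filter policy

Network = Union[ipaddress.IPv4Network, ipaddress.IPv6Network]


@dataclass(frozen=True)
class Rule:
    index: int
    source: Network   # group prefix; 'any' is modelled as 0.0.0.0/0 or ::/0
    port_lo: int
    port_hi: int
    protocol: str     # "tcp" or "udp"
    action: str       # "permit" or "deny"


def parse_source(text: str, version: int) -> Network:
    """Turn 'any', a host address or a CIDR prefix into a network of the policy's IP version."""
    if text.lower() == "any":
        return ipaddress.ip_network("0.0.0.0/0" if version == 4 else "::/0")
    net = ipaddress.ip_network(text, strict=False)  # a bare host address becomes a /32 or /128
    if net.version != version:
        raise ValueError(f"{text} is not an IPv{version} address or prefix")
    return net


def parse_ports(text: str) -> tuple:
    """'22' -> (22, 22); '8000-8080' -> (8000, 8080); rejects anything outside 0-65535."""
    lo, _, hi = text.partition("-")
    lo_n = int(lo)
    hi_n = int(hi) if hi else lo_n
    if not 0 <= lo_n <= hi_n <= 65535:
        raise ValueError(f"bad port range {text}")
    return lo_n, hi_n


def build_policy(version: int, specs: list) -> list:
    """specs: (index, source, dest-port, protocol, action) tuples, the fields the guide lists."""
    if len(specs) > MAX_RULES:
        raise ValueError(f"policy exceeds {MAX_RULES} rules")
    rules = []
    for index, src, ports, proto, action in specs:
        proto, action = proto.lower(), action.lower()
        if proto not in ("tcp", "udp"):
            raise ValueError(f"unsupported protocol {proto}")
        if action not in ("permit", "deny"):
            raise ValueError(f"unsupported action {action}")
        lo, hi = parse_ports(ports)
        rules.append(Rule(index, parse_source(src, version), lo, hi, proto, action))
    return sorted(rules, key=lambda r: r.index)  # assumed evaluation order: by index


def evaluate(rules: list, src_ip: str, dst_port: int, protocol: str) -> str:
    """Decide 'permit' or 'deny' for one inbound connection attempt; first matching rule wins (assumed)."""
    addr = ipaddress.ip_address(src_ip)
    for r in rules:
        if r.protocol != protocol.lower():
            continue
        if not r.port_lo <= dst_port <= r.port_hi:
            continue
        if addr.version != r.source.version or addr not in r.source:
            continue
        return r.action
    return "deny"  # assumed default when no rule matches


# Constructed sample policy: the management prefix may use SSH, anyone may use HTTPS,
# Telnet is denied from everywhere.
SAMPLE_POLICY = build_policy(4, [
    (1, "208.130.32.0/24", "22", "tcp", "permit"),
    (2, "any", "443", "tcp", "permit"),
    (3, "any", "23", "tcp", "deny"),
])

if __name__ == "__main__":
    for ip, port in [("208.130.32.17", 22), ("10.1.1.1", 22), ("10.1.1.1", 443)]:
        print(ip, port, evaluate(SAMPLE_POLICY, ip, port, "tcp"))
```

Because the fall-through default is deny, an SSH attempt from outside the management prefix is refused even though no rule names it, which is the behaviour an operator normally wants from a management-plane filter; the Telnet rule at index 3 is therefore redundant under the assumed default and serves only to document intent.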