Brocade OS Command Reference Manual Supporting Fabric OS v6.0.0 (53-1000599-01, October 2007)

ipfilter
Manages the IP filter policies.
Synopsis --create policyname -type ipv4 | ipv6
--clone policyname -from src_policyname
--show [policyname]
--save [policyname]
--activate policyname
--delete policyname
--addrule policyname -rule rule_number -sip source IP -dp dest port -proto protocol -act permit | deny
--delrule policyname -rule rule number
--transabort
Description Use this command to manage IP filter policies. The ipfilter command and its sub-commands are
non-interactive, except when prompting for a confirmation.
The IP filter policy sets up a packet-filtering firewall to provide access control on the management IP
interface. IPv4 and IPv6 policies reside in either the defined configuration or the active configuration.
Excluding the default policies, there can be a maximum of six policies in the defined configuration and
one policy per type (IPv4 and IPv6) in the active configuration.
The active policy must be the default policy or one of the policies in the defined configuration. Only the
active policies are enforced. All of the ipfilter sub-commands except --show and --transabort
create a transaction owned by the management session that initiates the sub-command.
An open transaction prevents other transactions from being created on different management
sessions. The --create, --clone, --delete, --addrule, and --delrule operands modify policies in
the memory buffer, while the --save and --activate operands commit policies to the persistent
configuration. The --save and --activate operands implicitly end the transaction if all policy
changes are committed. The --transabort operand explicitly ends an open transaction and aborts
policy changes in the memory buffer. Closing the management session that owns the transaction also
aborts policy changes and closes the transaction.
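The transaction rules above, as an added example that is not part of the original manual and is not Fabric OS code: a small Python model of the memory buffer, the owning session, and the commit and abort paths. The class and method names are hypothetical; the model assumes that --save without a policy name commits every changed policy, that --activate commits the named policy before making it active, and it tracks a single policy type only.

```python
# Added illustration: toy model of the ipfilter transaction rules described
# above. Not Fabric OS code; class and method names are hypothetical.
import copy

MAX_DEFINED = 6  # non-default policies allowed in the defined configuration


class IpFilterModel:
    def __init__(self):
        self.persistent = {}   # defined configuration: name -> list of rules
        self.buffer = None     # memory buffer, present while a transaction is open
        self.owner = None      # management session that owns the open transaction
        self.dirty = set()     # policies changed in the buffer, not yet committed
        self.active = "default_ipv4"

    def _open(self, session):
        if self.owner not in (None, session):
            raise PermissionError(f"transaction is owned by {self.owner}")
        if self.owner is None:
            self.owner, self.buffer = session, copy.deepcopy(self.persistent)

    def create(self, session, name):            # --create: memory buffer only
        self._open(session)
        if len(self.buffer) >= MAX_DEFINED:
            raise ValueError("defined configuration already holds six policies")
        self.buffer[name] = []
        self.dirty.add(name)

    def addrule(self, session, name, rule):     # --addrule: memory buffer only
        self._open(session)
        self.buffer[name].append(rule)
        self.dirty.add(name)

    def save(self, session, name=None):         # --save [policyname]: commit
        self._open(session)
        for n in ([name] if name else sorted(self.dirty)):
            if n in self.dirty:
                self.persistent[n] = copy.deepcopy(self.buffer[n])
                self.dirty.discard(n)
        if not self.dirty:                      # all changes committed: ends implicitly
            self.owner = self.buffer = None

    def activate(self, session, name):          # --activate: commit, then enforce
        self.save(session, name)
        self.active = name

    def transabort(self, session):              # --transabort, or owner's session closing
        if self.owner == session:
            self.owner, self.buffer, self.dirty = None, None, set()
```

In this model a second session that calls create() while the first still has uncommitted changes gets PermissionError, and a save() of one policy out of two changed ones leaves the transaction open.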
Operands This command has the following operands:
policyname This operand can be issued with all of the sub-commands. The policy name is
a unique string composed of a maximum of 20 alphabetic, numeric, or underscore
characters. The default_ipv4 and default_ipv6 names are reserved for the
default IP filter policies. The policy name is case insensitive and is always
stored in lower case. The policy type identifies the policy as an IPv4 or IPv6
filter. A maximum of eight IP filter policies can be created.
--create policyname -type ipv4 | ipv6
Creates an IP filter policy with the specified name and type. The policy
created is stored in a temporary buffer and is lost if the policy is not
saved to the persistent configuration.