Brocade OS Command Reference Manual Supporting Fabric OS v6.0.0 (53-1000599-01, October 2007)

ipfilter
-dp Specifies the destination port number, a range of port numbers, or a service
name.
-proto Specifies the protocol type, for example tcp or udp.
-act Specifies the permit or deny action associated with this rule.
-rule rule_number
Adds the new rule at the specified rule index. Valid values are from 1 through
the current maximum rule number plus one.
--delrule policyname -rule rule_number
Deletes a rule specified by rule number from the specified IP filter policy.
Deleting a rule in the specified IP filter policy causes the rules following the
deleted rule to shift up in rule order. The change to the specified IP filter
policy is not saved to persistent configuration until a save or activate is run.
--transabort A transaction is associated with a CLI or manageability session. It is opened
implicitly when running the --create, --addrule and --delrule
subcommands. --transabort explicitly ends the transaction owned by the
current CLI or manageability session. If a transaction is not ended, other CLI
or manageability sessions are blocked on the subcommands that would open
a new transaction.
Examples To create an IP filter policy of type IPv4:
switch:admin> ipfilter --create ex1 -type ipv4
To add a new rule to that policy, specifying the source IP address, destination port number,
and protocol, with a permit action:
switch:admin> ipfilter --addrule ex1 -sip 192.168.44.6 -dp 23 -proto tcp -act permit
To display the name, type, state, and rules of a specific IP filter policy:
Switch:admin> ipfilter --show ex1
Name: ex1, Type: ipv4, State: defined (modified)
Rule    Source IP       Protocol   Dest Port   Action
1       192.168.44.6    tcp        23          permit
2       192.168.45.9    tcp        123         deny
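An added example, not part of the Brocade manual: a Python parser for the ipfilter --show output above that flags policies with pending edits and permit rules for cleartext services. It assumes that "(modified)" in the State field marks changes not yet saved or activated, that a port range is displayed as lo-hi, and that the hypothetical CLEARTEXT list reflects local policy.

```python
import re

# Constructed sample in the `ipfilter --show` format shown above.
SAMPLE = """\
Name: ex1, Type: ipv4, State: defined (modified)
Rule    Source IP       Protocol   Dest Port   Action
1       192.168.44.6    tcp        23          permit
2       192.168.45.9    tcp        123         deny
"""

HEADER = re.compile(r"Name:\s*(\S+),\s*Type:\s*(\S+),\s*State:\s*(.+)$")
COLS = ("rule", "sip", "proto", "dport", "action")
# Assumption: cleartext services to flag when permitted; adjust to local policy.
CLEARTEXT = {23: "telnet", 80: "http"}

def parse_show(text):
    """Return a list of policies, each with its header fields and rule rows."""
    policies = []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        f = line.split()
        if m:
            policies.append({"name": m[1], "type": m[2], "state": m[3].strip(), "rules": []})
        # A rule row has five columns and starts with the rule number.
        elif policies and len(f) == 5 and f[0].isdigit():
            policies[-1]["rules"].append(dict(zip(COLS, f)))
    return policies

def covers(dport, port, service):
    """True if a Dest Port value (number, assumed lo-hi range, or name) includes port."""
    if dport.isdigit():
        return int(dport) == port
    lo, sep, hi = dport.partition("-")
    if sep and lo.isdigit() and hi.isdigit():
        return int(lo) <= port <= int(hi)
    return dport.lower() == service

def audit(policies):
    """List findings: unsaved policy edits and permit rules for cleartext services."""
    findings = []
    for p in policies:
        # Assumption: "(modified)" in State marks edits not yet saved or activated.
        if "modified" in p["state"]:
            findings.append(f"{p['name']}: unsaved changes ({p['state']})")
        for r in p["rules"]:
            for port, svc in CLEARTEXT.items():
                if r["action"] == "permit" and r["proto"] == "tcp" and covers(r["dport"], port, svc):
                    findings.append(f"{p['name']} rule {r['rule']}: permits {svc} from {r['sip']}")
    return findings
```

Calling audit(parse_show(SAMPLE)) reports the pending edit on ex1 and the telnet permit in rule 1; the deny rule on port 123 produces no finding.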
See Also policy, distribute