Fabric OS Administrator's Guide v7.0.0 (53-1002148-02, June 2011)

Fabric OS Administrator’s Guide 159

53-1002148-02

IP Filter policy

Protocol

TCP and UDP protocols are valid protocol selections. Fabric OS v6.2.0 and later do not support

configuration to filter other protocols. Implicitly, ICMP type 0 and type 8 packets are always allowed

to support ICMP echo request and reply on commands like ping and traceroute.

Action

For the action, only “permit” and “deny” are valid.

Traffic type and destination IP

The traffic type and destination IP elements allow an IP policy rule to specify filter enforcement for

IP forwarding. The INPUT traffic type is the default and restricts rules to manage traffic on IP

management interfaces,

The FORWARD traffic type allows management of bidirectional traffic between the external

management interface and the inband management interface. In this case, the destination IP

element should also be specified.

Implicit filter rules

For every IP Filter policy, the two rules listed in Table 35 are always assumed to be appended

implicitly to the end of the policy. This ensures that TCP and UDP traffic to dynamic port ranges is

allowed, so that management IP traffic initiated from a switch, such as syslog, radius and ftp, is not

affected.

shell 514

uucp 540

biff 512

who 513

syslog 514

route 520

timed 525

kerberos4 750

rpcd 897

securerpcd 898

TABLE 35 Implicit IP Filter rules

Source address Destination port Protocol Action

Any 1024-65535 TCP Permit

Any 1024-65535 UDP Permit

TABLE 34 Supported services (Continued)

Service name Port number