Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Supported services (Continued)TABLE 47

Service name Port number

https 443

ssmtp 465

exec 512

shell 514

uucp 540

biff 512

who 513

syslog 514

route 520

timed 525

kerberos4 750

Protocol

TCP and UDP protocols are valid protocol selections. Fabric OS v6.2.0 and later do not support

configuration to filter other protocols. Implicitly, ICMP type 0 and type 8 packets are always allowed to

support ICMP echo request and reply on commands like ping and traceroute.

Action

For the action, only "permit" and "deny" are valid.

Traffic type and destination IP

The traffic type and destination IP elements allow an IP policy rule to specify filter enforcement for IP

forwarding. The INPUT traffic type is the default and restricts rules to manage traffic on IP management

interfaces,

The FORWARD traffic type allows management of bidirectional traffic between the external

management interface and the inband management interface. In this case, the destination IP element

should also be specified.

Implicit filter rules

For every IP Filter policy, the two rules listed in Table 48 are always assumed to be appended implicitly

to the end of the policy. This ensures that TCP and UDP traffic to dynamic port ranges is allowed, so

that management IP traffic initiated from a switch, such as syslog, radius and ftp, is not affected.

Protocol

Fabric OS Administrators Guide 235

53-1003130-01