Deployment Guide
514 Fabric OS Command Reference
53-1003131-01
ipFilter
2
EXAMPLES To create an IP filter for a policy with an IPv6 address:
switch:admin> ipfilter --create ex1 -type ipv6
To add a new rule to the policy and specify the source IP address, destination port, and protocol, and to
permit the rule:
switch:admin> ipfilter --addrule ex1 \
-sip fec0:60:69bc:60:260:69ff:fe80:d4a -dp 23 \
-proto tcp -act permit
To display all existing IP filter policies:
switch:admin> ipfilter --show
Name: default_ipv4, Type: ipv4, State: active
Rule Source IP Protocol Dest Port Action
1 any tcp 22 permit
2 any tcp 23 permit
3 any tcp 80 permit
4 any tcp 443 permit
5 any udp 161 permit
6 any udp 123 permit
7 any tcp 600 - 1023 permit
8 any udp 600 - 1023 permit
Name: default_ipv6, Type: ipv6, State: active
Rule Source IP Protocol Dest Port Action
1 any tcp 22 permit
2 any tcp 23 permit
3 any tcp 80 permit
4 any tcp 443 permit
5 any udp 161 permit
6 any udp 123 permit
7 any tcp 600 - 1023 permit
8 any udp 600 - 1023 permit
To activate the IP Filter policy "ex1":
switch:admin> ipfilter --activate ex1
To display al l IP Filter policies, including the activated policy:
switch:admin> ipfilter --show
Name: default_ipv4, Type: ipv4, State: active
Rule Source IP Protocol Dest Port Action
1 any tcp 22 permit
2 any tcp 23 permit
3 any tcp 80 permit
4 any tcp 443 permit
5 any udp 161 permit
6 any udp 123 permit
7 any tcp 600 - 1023 permit
8 any udp 600 - 1023 permit
Name: default_ipv6, Type: ipv6, State: defined
Rule Source IP Protocol Dest Port Action
1 any tcp 22 permit
2 any tcp 23 permit
3 any tcp 80 permit