Reference Guide

ManualsBrandsDell ManualsAccess PlatformsBrocade G620

231

232

233

234

235

236

237

238

239

240

1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM

permissions for the IPfilter RBAC class of commands.

2. Enter the ipFilter --clone command.

Displaying an IP Filter policy

You can display the IP Filter policy content for the specified policy name, or all IP Filter policies if a policy name is not specified.

For each IP Filter policy, the policy name, type, persistent state and policy rules are displayed. The policy rules are listed by the rule

number in ascending order. There is no pagination stop for multiple screens of information. Pipe the output to the |more command to

achieve this.

If a temporary buffer exists for an IP Filter policy, the--show subcommand displays the content in the temporary buffer, with the

persistent state set to no.

1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having the O

permission for the IPfilter RBAC class of commands.

2. Enter the ipFilter --show command.

Saving an IP Filter policy

You can save one or all IP Filter policies persistently in the defined configuration.

Only the CLI session that owns the updated temporary buffer may run this command. Modification to an active policy cannot be saved

without being applied. Hence, the--save subcommand is blocked for the active policies. Use--activate instead.

1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having the

OM permissions for the IPfilter RBAC class of commands.

2. Enter the ipFilter --save command.

Activating an IP Filter policy

IP Filter policies are not enforced until they are activated. Only one IP Filter policy per IPv4 and IPv6 type can be active. If there is a

temporary buffer for the policy, the policy is saved to the defined configuration and activated at the same time. If there is no temporary

buffer for the policy, the policy existing in the defined configuration becomes active. The activated policy continues to remain in the

defined configuration. The policy to be activated replaces the existing active policy of the same type. Activating the default IP Filter

policies returns the IP management interface to its default state. An IP Filter policy without any rule cannot be activated. This

subcommand prompts for a user confirmation before proceeding.

1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having OM

permissions for the IPfilter RBAC class of commands.

2. Enter the ipFilter --activate command.

Deleting an IP Filter policy

You can delete a specified IP Filter policy. Deleting an IP Filter policy removes it from the temporary buffer. To permanently delete the

policy from the persistent database, run ipfilter --save . An active IP Filter policy cannot be deleted.

1. Log in to the switch using an account with admin permissions, or an account associated with the chassis role and having the

OM permissions for the IPfilter RBAC class of commands.

2. Enter the ipFilter --delete command.

Configuring Security Policies

Brocade Fabric OS Administration Guide, 8.0.1

53-1004111-02 237