Reference Guide
434 Brocade Fabric OS Command Reference
53-1004112-02
ipFilter
ipFilter
Manages the IP filter policies.
Synopsis ipfilter --create policyname -type ipv4 | ipv6
ipfilter --clone policyname -from src_policyname
ipfilter --show [-a] [policyname]
ipfilter --save [policyname]
ipfilter --activate policyname
ipfilter --delete policyname
ipfilter --addrule policyname -rule rule_number[ -sip source_IP]
-dp destination_port -proto protocol -act permit | deny
[-type INPUT | FWD] [-dip destination_IP]
ipfilter --delrule policyname -rule rule number
ipfilter --transabort
ipfilter --clrcounters
ipfilter --showcounters
Description Use this command to manage IP filter policies. The ipFilter command and command options are noninteractive,
except when prompting for a confirmation.
The IP filter policy sets up a packet filtering firewall to provide access control on the management IP interface. The
IPv4 and IPv6 policies are either in the defined configuration or in the active configuration.
Excluding the default policies, there can be a maximum of six policies in the defined configuration and one policy
per IPv4 and IPv6 type in the active configuration.
The active policy must be the default policy or one of the policies in the defined configuration. Only the active
policies are enforced. All of the ipFilter options except --show and --transabort, create a transaction owned by the
management session initiating the commands.
An open transaction prevents other transactions from being created on different management sessions. The
--create, --clone, --delete, --addrule, and --delrule operands modify policies in memory buffer, while operands,
--save and --activate commit policies to the persistent configuration. The operands, --save and --activate,
implicitly end the transaction if all policy changes are committed. The operand --transabort explicitly ends an open
transaction and aborts policy changes in memory buffer. Closing the management session that owns the
transaction also aborts policy changes and closes the transaction.
Notes The execution of this command is subject to Virtual Fabric restrictions that may be in place. Refer to "Using Fabric
OS Commands" and "Command Availability" for details.
In a Virtual Fabric environment, IP Filter policies are treated as chassis-wide configurations and apply to all logical
switches in the chassis. Chassis permissions are required to manage IP Filter policies.