Brocade Fabric OS Command Reference Guide v6.1.0 (53-1000599-02, June 2008)
Table Of Contents
- Contents
- About This Document
- Using Fabric OS Commands
- Fabric OS Commands
- aaaConfig
- ad
- ag
- agshow
- aliAdd
- aliCreate
- aliDelete
- aliRemove
- aliShow
- aptPolicy
- auditCfg
- authUtil
- bannerSet
- bannerShow
- bcastShow
- bladeBeacon
- bladeDisable
- bladeEnable
- burninErrClear
- burninErrShow
- burninLevel
- burninStatus
- cfgActvShow
- cfgAdd
- cfgClear
- cfgCreate
- cfgDelete
- cfgDisable
- cfgEnable
- cfgMcdtmode
- cfgRemove
- cfgSave
- cfgSaveActiveToDefined
- cfgShow
- cfgSize
- cfgTransAbort
- cfgTransShow
- chassisConfig
- chassisName
- chassisShow
- cliHistory
- configDefault
- configDownload
- configList
- configRemove
- configShow
- configUpload
- configure
- dataTypeShow
- date
- dbgShow
- defZone
- diagClearError
- diagDisablePost
- diagEnablePost
- diagHelp
- diagPost
- diagRetry
- diagSetBurnin
- diagSetCycle
- diagShow
- diagSkipTests
- diagStopBurnin
- dbgShow
- distribute
- dlsReset
- dlsSet
- dlsShow
- dnsConfig
- enclosureShow
- errClear
- errDelimiterSet
- errDump
- errFilterSet
- errModuleShow
- errShow
- exit
- fabPortShow
- fabRetryShow
- fabricLog
- fabricPrincipal
- fabricShow
- fabStatsShow
- fabSwitchShow
- fanDisable
- fanEnable
- fanShow
- fastboot
- fastwritecfg
- fcipChipTest
- fcipHelp
- fcipPathTest
- fcLunQuery
- fcPing
- fcpLogClear
- fcpLogDisable
- fcpLogEnable
- fcpLogShow
- fcpProbeShow
- fcpRlsShow
- fcrBcastConfig
- fcrChipTest
- fcrConfigure
- fcrFabricShow
- fcrLsanCount
- fcrLsanMatrix
- fcrPathTest
- fcrPhyDevShow
- fcrProxyConfig
- fcrProxyDevShow
- fcrResourceShow
- fcrRouterPortCost
- fcrRouteShow
- fcrXlateConfig
- fddCfg
- fdmiCacheShow
- fdmiShow
- ficonClear
- ficonCupSet
- ficonCupShow
- ficonHelp
- ficonShow
- fipsCfg
- firmwareCommit
- firmwareDownload
- firmwareDownloadStatus
- firmwareKeyShow
- firmwareKeyUpdate
- firmwareRestore
- firmwareShow
- fosConfig
- fruReplace
- fspfShow
- fwAlarmsFilterSet
- fwAlarmsFilterShow
- fwClassInit
- fwConfigReload
- fwConfigure
- fwFruCfg
- fwHelp
- fwMailCfg
- fwPortDetailShow
- fwSamShow
- fwSet
- fwSetToCustom
- fwSetToDefault
- fwShow
- h
- haDisable
- haDump
- haEnable
- haFailover
- haShow
- haSyncStart
- haSyncStop
- help
- historyLastShow
- historyMode
- historyShow
- httpCfgShow
- i
- iclCfg
- ifModeSet
- ifModeShow
- interfaceShow
- interopMode
- iodDelayReset
- iodDelaySet
- iodDelayShow
- iodReset
- iodSet
- iodShow
- ipAddrSet
- ipAddrShow
- ipfilter
- iscsiCfg
- iscsiChipTest
- iscsiHelp
- iscsiPathTest
- iscsiPortCfg
- iscsiSessionCfg
- iscsiSwCfg
- islShow
- isnscCfg
- itemList
- killTelnet
- ldapCfg
- licenseAdd
- licenseHelp
- licenseIdShow
- licensePort
- licenseRemove
- licenseShow
- linkCost
- login
- logout
- lsanZoneShow
- lsDbShow
- memShow
- miniCycle
- msCapabilityShow
- msConfigure
- msPlatShow
- msPlatShowDBCB
- msPlClearDB
- msPlMgmtActivate
- msPlMgmtDeactivate
- msTdDisable
- msTdEnable
- msTdReadConfig
- myId
- nbrStateShow
- nbrStatsClear
- nodeFind
- nsAliasShow
- nsAllShow
- nsCamShow
- nsShow
- nsZoneMember
- passwd
- passwdCfg
- pathInfo
- pdShow
- perfAddEEMonitor
- perfAddIPMonitor
- perfAddReadMonitor
- perfAddRWMonitor
- perfAddSCSIMonitor
- perfAddUserMonitor
- perfAddWriteMonitor
- perfCfgClear
- perfCfgRestore
- perfCfgSave
- perfClearAlpaCrc
- perfDelEEMonitor
- perfDelFilterMonitor
- perfHelp
- perfMonitorClear
- perfMonitorShow
- perfSetPortEEMask
- perfShowAlpaCrc
- perfShowPortEEMask
- perfTTmon
- pkiCreate
- pkiRemove
- pkiShow
- policy
- portAlpaShow
- portBufferShow
- portCamShow
- portCfg
- portCfgAlpa
- portCfgCreditRecovery
- portCfgDefault
- portCfgEPort
- portCfgEXPort
- portCfgGPort
- portCfgISLMode
- portCfgLongDistance
- portCfgLPort
- portCfgNPIVPort
- portCfgNPort
- portCfgPersistentDisable
- portCfgPersistentEnable
- PortCfgQos
- portCfgShow
- portCfgSpeed
- portCfgTrunkPort
- portCfgVEXPort
- portCmd
- portDebug
- portDisable
- portEnable
- portErrShow
- portFlagsShow
- portLedTest
- portLogClear
- portLogConfigShow
- portLogDisable
- portLogDump
- portLogDumpPort
- portLogEnable
- portLogEventShow
- portLoginShow
- portLogPdisc
- portLogReset
- portLogResize
- portLogShow
- portLogShowPort
- portLogTypeDisable
- portLogTypeEnable
- portLoopbackTest
- portMirror
- portName
- portPerfShow
- portRouteShow
- portShow
- portStats64Show
- portStatsClear
- portStatsShow
- portSwap
- portSwapDisable
- portSwapEnable
- portSwapShow
- portTest
- portTestShow
- portTrunkArea
- portZoneShow
- powerOffListSet
- powerOffListShow
- psShow
- reboot
- routeHelp
- secActiveSize
- secAuthSecret
- secCertUtil
- secDefineSize
- secGlobalShow
- secHelp
- secPolicyAbort
- secPolicyActivate
- secPolicyAdd
- secPolicyCreate
- secPolicyDelete
- secPolicyDump
- secPolicyFCSMove
- secPolicyRemove
- secPolicySave
- secPolicyShow
- secStatsReset
- secStatsShow
- sensorShow
- setDbg
- setModem
- setVerbose
- sfpShow
- shellFlowControlDisable
- shellFlowControlEnable
- slotPowerOff
- slotPowerOn
- slotShow
- snmpConfig
- spinFab
- sshUtil
- statsClear
- stopPortTest
- supportFfdc
- supportFtp
- supportSave
- supportShow
- supportShowCfgDisable
- supportShowCfgEnable
- supportShowCfgShow
- switchBeacon
- switchCfgPersistentDisable
- switchCfgPersistentEnable
- switchCfgSpeed
- switchCfgTrunk
- switchDisable
- switchEnable
- switchName
- switchShow
- switchStatusPolicySet
- switchStatusPolicyShow
- switchStatusShow
- switchUptime
- switchViolation
- syslogdFacility
- syslogdIpAdd
- syslogdIpRemove
- syslogdIpShow
- sysShutDown
- systemVerification
- tempShow
- timeOut
- topologyShow
- traceDump
- trackChangesHelp
- trackChangesSet
- trackChangesShow
- trunkDebug
- trunkShow
- tsClockServer
- tsTimeZone
- turboRamTest
- upTime
- uRouteConfig
- uRouteRemove
- uRouteShow
- usbStorage
- userConfig
- userRename
- version
- wwn
- zone
- zoneAdd
- zoneCreate
- zoneDelete
- zoneHelp
- zoneObjectCopy
- zoneObjectExpunge
- zoneObjectRename
- zoneRemove
- zoneShow
- Primary FCS commands
- Control Processor Commands
- Command availability
- Index
294 Fabric OS Command Reference
53-1000599-02
ipfilter
2
The following arguments are supported with the --addrule option:
-sip Specifies the source IP address. For filters of type IPv4, the address must be
a 32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type
IPv6, the address must be a 12- bit IPv6 address in any format specified by
RFC, or a CIDR-style IPv6 prefix.
-dp Specifies the destination port number, a range of port numbers, or a service
name.
-proto Specifies the protocol type, for example tcp or udp.
-act Specifies the permit or deny action associated with this rule.
rule rule_number
Adds a new rule at the specified rule index number. The rule number must be
between 1 and the current maximum rule number plus one.
--delrule policyname -rule rule_number
Deletes a rule from the specified IP filter policy. Deleting a rule in the
specified IP filter policy causes the rules following the deleted rule to shift up
in rule order. The change to the specified IP filter policy is not saved to the
persistent configuration until it is saved or activated.
--transabort A transaction is associated with a CLI or manageability session. It is opened
implicitly when running the --create, --addrule and --delrule
subcommands. --transabort explicitly ends the transaction owned by the
current CLI or manageability session. If a transaction is not ended, other CLI
or manageability sessions are blocked on the subcommands that would open
a new transaction.
Examples To create an IP filter for a policy with an IPv6 address:
switch:admin> ipfilter --create ex1 -type ipv6
To add a new rule to the policy and specify the source IP address, destination port, and protocol,
and to permit the rule:
switch:admin> ipfilter --addrule ex1 -sip fec0:60:69bc:60:260:69ff:fe80:d4a -dp 23 -proto tcp -act permit
To display all existing IP filter policies:
switch:admin> ipfilter --show
Name: default_ipv4, Type: ipv4, State: active
Rule Source IP Protocol Dest Port Action
1 any tcp 22 permit
2 any tcp 23 permit
3 any tcp 897 permit
4 any tcp 898 permit
5 any tcp 111 permit
6 any tcp 80 permit
7 any tcp 443 permit
8 any udp 161 permit
9 any udp 111 permit
10 any udp 123 permit
11 any tcp 600 - 1023 permit
12 any udp 600 - 1023 permit