Brocade Fabric OS Command Reference Manual - Supporting Fabric OS v5.3.0 (53-1000436-01, June 2007)

ipfilter
Specifies the destination port number, a range of port numbers, or a service
name.
-proto
Specifies the protocol type, for example tcp or udp.
-act
Specifies the permit or deny action associated with this rule.
-rule rule_number
Adds the new rule at the given rule index number, which must be between 1 and
the current maximum rule number plus one.
--delrule <policyname> -rule rule_number
Deletes a rule specified by rule number from the specified IP filter policy.
Deleting a rule in the specified IP filter policy causes the rules following the
deleted rule to shift up in rule order. The change to the specified IP filter
policy is not saved to persistent configuration until a save or activate is run.
--transabort
A transaction is associated with a CLI or manageability session. It is opened
implicitly when running the --create, --addrule and --delrule subcommands.
--transabort explicitly ends the transaction owned by the current CLI or
manageability session. If a transaction is not ended, other CLI or
manageability sessions are blocked on the subcommands that would open a
new transaction.
Examples
To create an IP filter policy for IPv4 addresses:
switch:admin> ipfilter --create ex1 -type ipv4
To add a new rule to the policy that permits traffic from the specified source IP address to the
specified destination port:
switch:admin> ipfilter --addrule ex1 -sip 192.168.44.6 -dp 23 -proto tcp -act permit
To display the IP filter policy for a specific IP policy and type:
Switch:admin> ipfilter --show ex1
Name: ex1, Type: ipv4, State: defined (modified)
Rule    Source IP        Protocol    Dest Port    Action
1       192.168.44.6     tcp         23           permit
2       192.168.45.9     tcp         123          deny
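The following Python audit script is an added example, not part of the Brocade manual: it parses the --show output above and reports policies with pending edits and permit rules that expose cleartext management services such as telnet on port 23. Assumptions: the "(modified)" state marker means the change has not been saved or activated, a port range may print as several tokens, and the names parse_show, permits, audit and the CLEARTEXT list are hypothetical.

```python
import re

# Constructed sample: the `ipfilter --show ex1` output from the example above.
SAMPLE = """\
Name: ex1, Type: ipv4, State: defined (modified)
Rule Source IP Protocol Dest Port Action
1 192.168.44.6 tcp 23 permit
2 192.168.45.9 tcp 123 deny
"""

CLEARTEXT = {"telnet": 23, "http": 80}  # assumption: cleartext management services
HEADER = re.compile(r"Name:\s*(\S+),\s*Type:\s*(\S+),\s*State:\s*(.+)")

def parse_show(text):
    """Return (policy dict, list of rule dicts) parsed from --show output."""
    policy, rules = {}, []
    for line in text.splitlines():
        m = HEADER.match(line.strip())
        if m:
            policy = {"name": m[1], "type": m[2], "state": m[3].strip()}
            continue
        tok = line.split()
        # Rule rows start with a number and end with the action; a port range may span tokens.
        if len(tok) >= 5 and tok[0].isdigit() and tok[-1] in ("permit", "deny"):
            rules.append({"rule": int(tok[0]), "sip": tok[1], "proto": tok[2],
                          "dport": " ".join(tok[3:-1]), "action": tok[-1]})
    return policy, rules

def permits(rule, name, port):
    """True if a TCP permit rule's port, port range or service name covers the service."""
    nums = [int(n) for n in re.findall(r"\d+", rule["dport"])]
    in_port = nums[0] <= port <= nums[-1] if nums else rule["dport"].lower() == name
    return rule["action"] == "permit" and rule["proto"].lower() == "tcp" and in_port

def audit(text):
    """List findings: pending unsaved edits and permitted cleartext services."""
    policy, rules = parse_show(text)
    findings = []
    if "modified" in policy.get("state", ""):
        findings.append(f"{policy['name']}: modified, not yet saved or activated")
    for r in rules:
        for name, port in CLEARTEXT.items():
            if permits(r, name, port):
                findings.append(f"{policy['name']} rule {r['rule']}: permits "
                                f"{name} ({r['proto']}/{port}) from {r['sip']}")
    return findings

if __name__ == "__main__":
    print("\n".join(audit(SAMPLE)))
```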
See Also
policy, distribute