Brocade Fabric OS Command Reference Guide v6.1.0 (53-1000599-02, June 2008)
Table Of Contents
- Contents
- About This Document
- Using Fabric OS Commands
- Fabric OS Commands
- aaaConfig
- ad
- ag
- agshow
- aliAdd
- aliCreate
- aliDelete
- aliRemove
- aliShow
- aptPolicy
- auditCfg
- authUtil
- bannerSet
- bannerShow
- bcastShow
- bladeBeacon
- bladeDisable
- bladeEnable
- burninErrClear
- burninErrShow
- burninLevel
- burninStatus
- cfgActvShow
- cfgAdd
- cfgClear
- cfgCreate
- cfgDelete
- cfgDisable
- cfgEnable
- cfgMcdtmode
- cfgRemove
- cfgSave
- cfgSaveActiveToDefined
- cfgShow
- cfgSize
- cfgTransAbort
- cfgTransShow
- chassisConfig
- chassisName
- chassisShow
- cliHistory
- configDefault
- configDownload
- configList
- configRemove
- configShow
- configUpload
- configure
- dataTypeShow
- date
- dbgShow
- defZone
- diagClearError
- diagDisablePost
- diagEnablePost
- diagHelp
- diagPost
- diagRetry
- diagSetBurnin
- diagSetCycle
- diagShow
- diagSkipTests
- diagStopBurnin
- dbgShow
- distribute
- dlsReset
- dlsSet
- dlsShow
- dnsConfig
- enclosureShow
- errClear
- errDelimiterSet
- errDump
- errFilterSet
- errModuleShow
- errShow
- exit
- fabPortShow
- fabRetryShow
- fabricLog
- fabricPrincipal
- fabricShow
- fabStatsShow
- fabSwitchShow
- fanDisable
- fanEnable
- fanShow
- fastboot
- fastwritecfg
- fcipChipTest
- fcipHelp
- fcipPathTest
- fcLunQuery
- fcPing
- fcpLogClear
- fcpLogDisable
- fcpLogEnable
- fcpLogShow
- fcpProbeShow
- fcpRlsShow
- fcrBcastConfig
- fcrChipTest
- fcrConfigure
- fcrFabricShow
- fcrLsanCount
- fcrLsanMatrix
- fcrPathTest
- fcrPhyDevShow
- fcrProxyConfig
- fcrProxyDevShow
- fcrResourceShow
- fcrRouterPortCost
- fcrRouteShow
- fcrXlateConfig
- fddCfg
- fdmiCacheShow
- fdmiShow
- ficonClear
- ficonCupSet
- ficonCupShow
- ficonHelp
- ficonShow
- fipsCfg
- firmwareCommit
- firmwareDownload
- firmwareDownloadStatus
- firmwareKeyShow
- firmwareKeyUpdate
- firmwareRestore
- firmwareShow
- fosConfig
- fruReplace
- fspfShow
- fwAlarmsFilterSet
- fwAlarmsFilterShow
- fwClassInit
- fwConfigReload
- fwConfigure
- fwFruCfg
- fwHelp
- fwMailCfg
- fwPortDetailShow
- fwSamShow
- fwSet
- fwSetToCustom
- fwSetToDefault
- fwShow
- h
- haDisable
- haDump
- haEnable
- haFailover
- haShow
- haSyncStart
- haSyncStop
- help
- historyLastShow
- historyMode
- historyShow
- httpCfgShow
- i
- iclCfg
- ifModeSet
- ifModeShow
- interfaceShow
- interopMode
- iodDelayReset
- iodDelaySet
- iodDelayShow
- iodReset
- iodSet
- iodShow
- ipAddrSet
- ipAddrShow
- ipfilter
- iscsiCfg
- iscsiChipTest
- iscsiHelp
- iscsiPathTest
- iscsiPortCfg
- iscsiSessionCfg
- iscsiSwCfg
- islShow
- isnscCfg
- itemList
- killTelnet
- ldapCfg
- licenseAdd
- licenseHelp
- licenseIdShow
- licensePort
- licenseRemove
- licenseShow
- linkCost
- login
- logout
- lsanZoneShow
- lsDbShow
- memShow
- miniCycle
- msCapabilityShow
- msConfigure
- msPlatShow
- msPlatShowDBCB
- msPlClearDB
- msPlMgmtActivate
- msPlMgmtDeactivate
- msTdDisable
- msTdEnable
- msTdReadConfig
- myId
- nbrStateShow
- nbrStatsClear
- nodeFind
- nsAliasShow
- nsAllShow
- nsCamShow
- nsShow
- nsZoneMember
- passwd
- passwdCfg
- pathInfo
- pdShow
- perfAddEEMonitor
- perfAddIPMonitor
- perfAddReadMonitor
- perfAddRWMonitor
- perfAddSCSIMonitor
- perfAddUserMonitor
- perfAddWriteMonitor
- perfCfgClear
- perfCfgRestore
- perfCfgSave
- perfClearAlpaCrc
- perfDelEEMonitor
- perfDelFilterMonitor
- perfHelp
- perfMonitorClear
- perfMonitorShow
- perfSetPortEEMask
- perfShowAlpaCrc
- perfShowPortEEMask
- perfTTmon
- pkiCreate
- pkiRemove
- pkiShow
- policy
- portAlpaShow
- portBufferShow
- portCamShow
- portCfg
- portCfgAlpa
- portCfgCreditRecovery
- portCfgDefault
- portCfgEPort
- portCfgEXPort
- portCfgGPort
- portCfgISLMode
- portCfgLongDistance
- portCfgLPort
- portCfgNPIVPort
- portCfgNPort
- portCfgPersistentDisable
- portCfgPersistentEnable
- PortCfgQos
- portCfgShow
- portCfgSpeed
- portCfgTrunkPort
- portCfgVEXPort
- portCmd
- portDebug
- portDisable
- portEnable
- portErrShow
- portFlagsShow
- portLedTest
- portLogClear
- portLogConfigShow
- portLogDisable
- portLogDump
- portLogDumpPort
- portLogEnable
- portLogEventShow
- portLoginShow
- portLogPdisc
- portLogReset
- portLogResize
- portLogShow
- portLogShowPort
- portLogTypeDisable
- portLogTypeEnable
- portLoopbackTest
- portMirror
- portName
- portPerfShow
- portRouteShow
- portShow
- portStats64Show
- portStatsClear
- portStatsShow
- portSwap
- portSwapDisable
- portSwapEnable
- portSwapShow
- portTest
- portTestShow
- portTrunkArea
- portZoneShow
- powerOffListSet
- powerOffListShow
- psShow
- reboot
- routeHelp
- secActiveSize
- secAuthSecret
- secCertUtil
- secDefineSize
- secGlobalShow
- secHelp
- secPolicyAbort
- secPolicyActivate
- secPolicyAdd
- secPolicyCreate
- secPolicyDelete
- secPolicyDump
- secPolicyFCSMove
- secPolicyRemove
- secPolicySave
- secPolicyShow
- secStatsReset
- secStatsShow
- sensorShow
- setDbg
- setModem
- setVerbose
- sfpShow
- shellFlowControlDisable
- shellFlowControlEnable
- slotPowerOff
- slotPowerOn
- slotShow
- snmpConfig
- spinFab
- sshUtil
- statsClear
- stopPortTest
- supportFfdc
- supportFtp
- supportSave
- supportShow
- supportShowCfgDisable
- supportShowCfgEnable
- supportShowCfgShow
- switchBeacon
- switchCfgPersistentDisable
- switchCfgPersistentEnable
- switchCfgSpeed
- switchCfgTrunk
- switchDisable
- switchEnable
- switchName
- switchShow
- switchStatusPolicySet
- switchStatusPolicyShow
- switchStatusShow
- switchUptime
- switchViolation
- syslogdFacility
- syslogdIpAdd
- syslogdIpRemove
- syslogdIpShow
- sysShutDown
- systemVerification
- tempShow
- timeOut
- topologyShow
- traceDump
- trackChangesHelp
- trackChangesSet
- trackChangesShow
- trunkDebug
- trunkShow
- tsClockServer
- tsTimeZone
- turboRamTest
- upTime
- uRouteConfig
- uRouteRemove
- uRouteShow
- usbStorage
- userConfig
- userRename
- version
- wwn
- zone
- zoneAdd
- zoneCreate
- zoneDelete
- zoneHelp
- zoneObjectCopy
- zoneObjectExpunge
- zoneObjectRename
- zoneRemove
- zoneShow
- Primary FCS commands
- Control Processor Commands
- Command availability
- Index
292 Fabric OS Command Reference
53-1000599-02
ipfilter
2
ipfilter
Manages the IP filter policies.
Synopsis ipfilter --create policyname -type ipv4 | ipv6
ipfilter --clone policyname -from src_policyname
ipfilter --show [policyname]
ipfilter --save [policyname]
ipfilter --activate policyname
ipfilter --delete policyname
ipfilter --addrule policyname -rule rule_number -sip source IP -dp dest port -proto protocol -act
permit | deny
ipfilter --delrule policyname -rule rule number
ipfilter --transabort
Description Use this command to manage IP filter policies. The ipfilter command and command options are
non-interactive, except when prompting for a confirmation.
The IP filter policy sets up a packet filtering firewall to provide access control on the management IP
interface. The IPv4 and IPv6 policies are either in the defined configuration or in the active
configuration.
Excluding the default policies, there can be a maximum of six policies in the defined configuration
and one policy per IPv4 and IPv6 type in the active configuration.
The active policy must be the default policy or one of the policies in the defined configuration. Only
the active policies are enforced. All of the ipfilter options except --show and --
transabort, create
a transaction owned by the management session initiating the commands.
An open transaction prevents other transactions from being created on different management
sessions. The --create, --clone, --delete, --addrule, and --delrule operands modify policies in
memory buffer, while operands, --save and --activate commit policies to the persistent
configuration. The operands, --save and --activate, implicitly end the transaction if all policy
changes are committed. The operand --transabort explicitly ends an open transaction and aborts
policy changes in memory buffer. Closing the management session that owns the transaction also
aborts policy changes and closes the transaction.
Note The execution of this command is subject to Admin Domain restrictions that may be in place. Refer
to chapter 1, "Understanding Admin Domain Restrictions" and Appendix A, "Command Availability"
for details.
Operands This command has the following operands:
policyname Specifies an IP filter policy name. The policy name is a unique string
composed of a maximum of 20 alpha numeric or underscore characters. The
default_ipv4 and default_ipv6 names are reserved for default IP filter
policies. The policy name is case-insensitive and is always stored as lower
case. The policy type identifies the policy as an IPv4 or IPv6 filter. You can
create a maximum of eight IP filter policies.