Brocade Fabric OS Command Reference Manual - Supporting Fabric OS v5.3.0 (53-1000436-01, June 2007)
Fabric OS Command Reference Manual 309
53-1000436-01
ipfilter
2
--clone <policyname> -from src_policyname
Creates a replica of an existing IP filter policy. The cloned policy is stored in a
temporary buffer with same rules as the policy it mirrored.
--show [policyname]
Displays the IP filter policy content for the specified policy name, or all IP filter
policies if policyname is not specified. For each IP filter policy, the policy
name, type, persistent state, and policy rules are displayed. The policy rules
are listed by the rule number in ascending order.
There is no pagination stop for multiple screens of information. Pipe the
output to the more command to achieve this. If a temporary buffer exists for a
IP filter policy, the --show sub-command displays the content in the temporary
buffer, with the persistent state set to modified defined or modified active.
--save [policyname]
Saves one or all IP filter policies persistently as defined configuration.
Policyname is optional, if used, the IP filter policy in temporary buffer will be
saved; otherwise, all IP filter policies in the temporary buffer will be saved.
Only the CLI session that owns the updated temporary buffer can run this
command. Modification to an active policy cannot be saved without being
applied. Therefore, --save is blocked for the active policies, instead use
--activate.
--activate <policyname>
Activates the specified IP filter policy. IP filter policies are not enforced until
they are activated. Only one IP filter policy per IPv4 and IPv6 type can be
active. If there is a temporary buffer for the policy, the policy is saved to the
defined configuration and activated at the same time. If there is no temporary
buffer for the policy, the policy existing in the defined configuration will
become active. The policy to be activated will replace the existing active policy
of the same type. Activating the default IP filter policies will return the IP
management interface to its default state. An IP filter policy without any rule
cannot be activated. This operand prompts for a user confirmation before
proceeding.
--delete <policyname>
Deletes the specified IP filter policy. Deleting an IP filter policy removes it from
the temporary buffer. To permanently delete the policy from persistent
database, issue ipfilter --save. An active IP filter policy cannot be deleted.
--addrule <policyname>
Adds a new rule to the specified IP filter policy. The change made to the
specified IP filter policy is not saved to persistent configuration until a save or
activate is run.
See the following sub commands for --addrule:
-sip
Specifies the source IP address. For IPV4 filter type, the address must be a
32 bit address in dot notation, or a CIDR style IPv4 prefix. For IPv6 filter type,
the address must be in a 128 bit IPv6 address in any format specified by RFC,
or a CIDR style IPv6 prefix.
-dp