Fabric OS Command Reference
53-1001764-01
ipFilter
The following arguments are supported with the --addrule option:
-sip source_IP
Specifies the source IP address. For filters of type IPv4, the address must be a
32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type IPv6,
the address must be a 128-bit IPv6 address in any format specified by RFC3513,
or a CIDR-style IPv6 prefix. The source IP option is not supported for FORWARD
traffic.
-dp destination_port
Specifies the destination port number, a range of port numbers, or a service
name. Note that blocking or permitting of ports 1024 and above is not allowed.
These ports are used by various applications and services on the switch.
-proto protocol
Specifies the protocol type, for example, tcp or udp.
-act permit | deny
Specifies the permit or deny action associated with this rule. Blocking or permitting
port 1024 and above is not allowed. Ports numbered 1024 and higher are used by
applications for services such as FTP and blocking these ports may cause these
applications to behave in unexpected ways.
-rule rule_number
Adds a new rule at the specified rule index number. The rule number must be
between 1 and the current maximum rule number plus one.
-type INPUT | FWD
Specifies the type of traffic that is allowed for the specified IP address.
Forwarding rules manage the bidirectional traffic between the external Ethernet
interface (eth0/bond0) and the inband management interface (inbd+). INPUT
traffic is the default type of traffic for IP filter rules.
-dip destination_IP
Specifies the destination IP address. For filters of type IPv4, the address must be
a 32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type
IPv6, the address must be a 128-bit IPv6 address in any format specified by
RFC3513, or a CIDR-style IPv6 prefix. The destination IP option is not
supported for INPUT traffic type.
--delrule policyname -rule rule_number
Deletes a rule from the specified IP filter policy. Deleting a rule in the specified IP
filter policy causes the rules following the deleted rule to shift up in rule order. The
change to the specified IP filter policy is not saved to the persistent configuration
until it is saved or activated.
--transabort
A transaction is associated with a CLI or manageability session, which is opened
implicitly when you execute the --create, --addrule and --delrule subcommands.
The --transabort command explicitly ends the transaction owned by the current
CLI or manageability session. If a transaction is not ended, other CLI or
manageability sessions are blocked on the subcommands that would open a new
transaction.
--clrcounters
Clears the IP filter counters.
--showcounters
Displays the IP filter counters.
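A pre-flight check of the --addrule constraints listed above, as an added example that is not part of the Brocade reference. The function name check_addrule, the dict layout for a rule, and the low-high form of a port range are assumptions; the sample rules are constructed.

```python
import ipaddress

def check_addrule(policy_type, rule, max_rule):
    """Return the problems in one proposed --addrule argument set (a dict)."""
    problems = []
    traffic = rule.get("type", "INPUT")  # INPUT is the default traffic type

    # -sip is not supported for FWD rules; -dip is not supported for INPUT rules.
    if traffic == "FWD" and "sip" in rule:
        problems.append("-sip is not supported for FWD traffic")
    if traffic == "INPUT" and "dip" in rule:
        problems.append("-dip is not supported for INPUT traffic")

    # Addresses must be an address or CIDR prefix of the policy's family.
    for opt in ("sip", "dip"):
        if opt not in rule:
            continue
        try:
            net = ipaddress.ip_network(rule[opt], strict=False)
        except ValueError:
            problems.append(f"-{opt} {rule[opt]} is not a valid address or prefix")
            continue
        if net.version != (4 if policy_type == "ipv4" else 6):
            problems.append(f"-{opt} {rule[opt]} does not match an {policy_type} policy")

    # Ports 1024 and above may not be permitted or blocked. Service names are
    # not resolved here; a numeric range is assumed to be written low-high.
    dp = str(rule.get("dp", ""))
    bounds = [p for p in dp.split("-") if p]
    if bounds and all(p.isdigit() for p in bounds) and max(map(int, bounds)) >= 1024:
        problems.append(f"-dp {dp} includes a port at or above 1024")

    if rule.get("act") not in ("permit", "deny"):
        problems.append("-act must be permit or deny")

    # A new rule index must lie between 1 and the current maximum plus one.
    if not 1 <= rule.get("rule", 0) <= max_rule + 1:
        problems.append(f"-rule must be between 1 and {max_rule + 1}")
    return problems

# Constructed sample rules for an ipv4 policy that currently holds 3 rules.
GOOD = {"rule": 4, "sip": "192.0.2.0/24", "dp": 22, "proto": "tcp", "act": "permit"}
BAD = {"rule": 6, "sip": "2001:db8::1", "dp": "8080", "proto": "tcp", "act": "deny"}
FWD = {"rule": 1, "type": "FWD", "sip": "192.0.2.7", "dip": "198.51.100.9",
       "dp": "443", "proto": "tcp", "act": "permit"}

if __name__ == "__main__":
    for name, r in (("GOOD", GOOD), ("BAD", BAD), ("FWD", FWD)):
        print(name, check_addrule("ipv4", r, max_rule=3))
```

Running the check over a planned rule set before opening a transaction on the switch avoids leaving a half-built policy that then has to be ended with --transabort.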
EXAMPLES
To create an IP filter for a policy with an IPv6 address:
switch:admin> ipfilter --create ex1 -type ipv6