Cloning an ip filter policy, Displaying an ip filter policy, Saving an ip filter policy – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Cloning an IP Filter policy

You can create an IP Filter policy as an exact copy of an existing policy. The policy created is stored in
a temporary buffer and has the same type and rules as the existing defined or active policy.

1. Log in to the switch using an account with admin permissions, or an account associated with the

chassis role and having OM permissions for the IPfilter RBAC class of commands.

2. Enter the ipFilter --clone command.

Displaying an IP Filter policy

You can display the IP Filter policy content for the specified policy name, or all IP Filter policies if a
policy name is not specified.

For each IP Filter policy, the policy name, type, persistent state and policy rules are displayed. The
policy rules are listed by the rule number in ascending order. There is no pagination stop for multiple
screens of information. Pipe the output to the |more command to achieve this.

If a temporary buffer exists for an IP Filter policy, the--show subcommand displays the content in the
temporary buffer, with the persistent state set to no.

1. Log in to the switch using an account with admin permissions, or an account associated with the

chassis role and having the O permission for the IPfilter RBAC class of commands.

2. Enter the ipFilter --show command.

Saving an IP Filter policy

You can save one or all IP Filter policies persistently in the defined configuration.

Only the CLI session that owns the updated temporary buffer may run this command. Modification to
an active policy cannot be saved without being applied. Hence, the--save subcommand is blocked for
the active policies. Use--activate instead.

1. Log in to the switch using an account with admin permissions, or an account associated with the

chassis role and having the OM permissions for the IPfilter RBAC class of commands.

2. Enter the ipFilter --save command.

Activating an IP Filter policy

IP Filter policies are not enforced until they are activated. Only one IP Filter policy per IPv4 and IPv6
type can be active. If there is a temporary buffer for the policy, the policy is saved to the defined
configuration and activated at the same time. If there is no temporary buffer for the policy, the policy
existing in the defined configuration becomes active. The activated policy continues to remain in the
defined configuration. The policy to be activated replaces the existing active policy of the same type.
Activating the default IP Filter policies returns the IP management interface to its default state. An IP
Filter policy without any rule cannot be activated. This subcommand prompts for a user confirmation
before proceeding.

1. Log in to the switch using an account with admin permissions, or an account associated with the

chassis role and having OM permissions for the IPfilter RBAC class of commands.

2. Enter the ipFilter --activate command.

Cloning an IP Filter policy

232

Fabric OS Administrators Guide

53-1003130-01