beautypg.com

Default policy rules, Ip filter policy enforcement – Brocade Fabric OS Administrators Guide (Supporting Fabric OS v7.3.0) User Manual

Page 236

background image

Implicit IP Filter rules

TABLE 48

Source address

Destination port

Protocol

Action

Any

1024-65535

TCP

Permit

Any

1024-65535

UDP

Permit

Default policy rules

Switches have a default IP Filter policy for IPv4 and IPv6. The default IP Filter policy cannot be
deleted or changed. When an alternative IP Filter policy is activated, the default IP Filter policy
becomes deactivated.

Table 49

lists the rules of the default IP Filter policy.

Default IP policy rules

TABLE 49

Rule number

Source address

Destination port

Protocol

Action

1

Any

22

TCP

Permit

2

Any

23

TCP

Permit

6

Any

80

TCP

Permit

7

Any

443

TCP

Permit

8

Any

161

UDP

Permit

10

Any

123

UDP

Permit

11

8

Any

600-1023

TCP

Permit

12

8

Any

600-1023

UDP

Permit

IP Filter policy enforcement

An active IP Filter policy is a filter applied to the IP packets through the management interface. IPv4
management traffic passes through the active IPv4 filter policy, and IPv6 management traffic passes
through the active IPv6 filter policy. The IP Filter policy applies to the incoming (ingress) management
traffic only. When a packet arrives, it is compared against each rule, starting from the first rule. If a
match is found for the source address, destination port, and protocol, the corresponding action for this
rule is taken, and the subsequent rules in this policy are ignored. If there is no match, then it is
compared to the next rule in the policy. This process continues until the incoming packet is compared
to all rules in the active policy.

If none of the rules in the policy matches the incoming packet, the two implicit rules are matched to the
incoming packet. If the rules still do not match the packet, the default action, which is to deny, is taken.

When the IPv4 or IPv6 address for the management interface of a switch is changed through the
ipAddrSet command or manageability tools, the active IP Filter policies automatically become
enforced on the management IP interface with the changed IP address.

8

None of the RPC ports are configurable, even though the action shows "Permit".

Default policy rules

236

Fabric OS Administrators Guide

53-1003130-01

See also other documents in the category Brocade Computer Accessories: