beautypg.com

Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Page 912

background image

900

Brocade Mobility RFS Controller CLI Reference Guide

53-1003098-01

12

Usage Guidelines:

Use this command to deny traffic between networks/hosts based on the protocol type selected in
the access list configuration. The following protocols are supported:

IP

ICMP

host

Identifies a specific host (as the destination to match) by its IP address. TCP/UDP packets addressed to the
specified host are dropped.

– Specify the destination host’s exact IP address in the A.B.C.D format.

-NAME>

This keyword is common to the ‘tcp’ and ‘udp’ parameters.
Applies a network-group alias to identify the destination IP addresses. TCP/UDP packets destined to the
addresses identified in the network-group alias are dropped.

– Specify the network-group alias name (should be existing and
configured).

range

Specifies a range of source ports

– Specify the first port in the range.

– Specify the last port in the range.

eq
[<1-65535>|
|
|bgp|dns|ftp|
ftp-data|gopher|
https|ldap|nntp|ntp|
pop3|sip|smtp|
ssh|telnet|
tftp|www]

Identifies a specific destination or protocol port to match

<1-65535> – The destination port is designated by its number

– Specifies the service name

bgp – The designated Border Gateway Protocol (BGP) protocol port (179)

dns – The designated Domain Name System (DNS) protocol port (53)

ftp – The designated File Transfer Protocol (FTP) protocol port (21)

ftp-data – The designated FTP data port (20)

gropher – The designated GROPHER protocol port (70)

https – The designated HTTPS protocol port (443)

ldap – The designated Lightweight Directory Access Protocol (LDAP) protocol port (389)

nntp – The designated Network News Transfer Protocol (NNTP) protocol port (119)

ntp – The designated Network Time Protocol (NTP) protocol port (123)

pop3 – The designated POP3 protocol port (110)

Contd..

sip – The designated Session Initiation Protocol (SIP) protocol port (5060)

smtp – The designated Simple Mail Transfer Protocol (SMTP) protocol port (25)

ssh – The designated Secure Shell (SSH) protocol port (22)

telnet – The designated Telnet protocol port (23)

tftp – The designated Trivial File Transfer Protocol (TFTP) protocol port (69)

www – The designated www protocol port (80)

range

Specifies a range of destination ports

– Specify the first port in the range.

– Specify the last port in the range.

log

Logs all deny events matching this entry. If a source and/or destination IP address or port is matched (i.e. a
TCP/UDP packet is received from a specified IP address and/or is destined for a specified IP address), an
event is logged.

rule-precedence
<1-5000>
rule-description

The following keywords are recursive and common to all of the above:

rule-precedence – Assigns a precedence for this deny rule

<1-5000> – Specify a value from 1 - 5000.

Lower the precedence higher is the priority. A rule with precedence 3 gets priority over a rule with precedence
10.

rule-description – Optional. Configures a description for this deny rule. Provide a description that

uniquely identifies the purpose of this rule (should not exceed 128 characters in length).

See also other documents in the category Brocade Computer Accessories: