Firewall-policy, Chapter 14 – Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

53-1003098-01

Chapter 14: FIREWALL-POLICY

This chapter summarizes the firewall policy commands in the CLI command structure.

A firewall protects a network from attacks and unauthorized access from outside the network.
Simultaneously, it allows authorized users to access required resources. Firewalls work on multiple
levels. Some work at layers 1, 2 and 3 to inspect each packet. The packet is either passed, dropped
or rejected based on rules configured on the firewall.

Other firewalls use application layer filtering to enforce compliance. These firewalls can understand
applications and protocols and can detect if an unauthorized protocol is being used, or an
authorized protocol is being abused in a malicious way.

The third set of firewalls, ‘Stateful Firewalls’, consider the placement of individual packets within
the series of packets being transmitted. If there is a packet that does not fit into the
sequence, it is automatically identified and dropped.

Use the (config) instance to configure firewall policy commands. To navigate to the config-fw-policy
instance, use the following commands:

(config)#firewall-policy

rfs7000-37FABE(config)#firewall-policy test
rfs7000-37FABE(config-fw-policy-test)#?
Firewall policy Mode commands:
  acl-logging                    Log on flow creating traffic
  alg                            Enable ALG
  clamp                          Clamp value
  dhcp-offer-convert             Enable conversion of broadcast dhcp offers to
                                 unicast
  dns-snoop                      DNS Snooping
  firewall                       Wireless firewall
  flow                           Firewall flow
  ip                             Internet Protocol (IP)
  ip-mac                         Action based on ip-mac table
  logging                        Firewall enhanced logging
  no                             Negate a command or set its defaults
  proxy-arp                      Enable generation of ARP responses on behalf
                                 of another device
  stateful-packet-inspection-l2  Enable stateful packet inspection in layer2
                                 firewall
  storm-control                  Storm-control
  virtual-defragmentation        Enable virtual defragmentation for IPv4
                                 packets (recommended for proper functioning
                                 of firewall)
  clrscr                         Clears the display screen
  commit                         Commit all changes made in this session
  do                             Run commands from Exec mode
  end                            End current mode and change to EXEC mode
  exit                           End current mode and down to previous mode
  help                           Description of the interactive help system
  revert                         Revert changes