
Dell POWEREDGE M1000E User Manual


Fabric OS Command Reference

53-1002746-01

ipFilter


The following arguments are supported with the --addrule option:

-sip source_IP

Specifies the source IP address. For filters of type IPv4, the address must be a
32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type IPv6,
the address must be a 128-bit IPv6 address in any format specified by RFC3513,
or a CIDR-style IPv6 prefix. The source IP option is not supported for FORWARD
traffic.

-dp destination_port

Specifies the destination port number, a range of port numbers, or a service
name. Note that blocking or permitting of ports 1024 and above is not allowed.
These ports are used by various applications and services on the switch.

-proto protocol

Specifies the protocol type, for example, tcp or udp.

-act permit | deny

Specifies the permit or deny action associated with this rule. Blocking or permitting
port 1024 and above is not allowed. Ports numbered 1024 and higher are used by
applications for services such as FTP and blocking these ports may cause these
applications to behave in unexpected ways.

-rule rule_number

Adds a new rule at the specified rule index number. The rule number must be
between 1 and the current maximum rule number plus one.

-type INPUT | FWD

Specifies the type of traffic that is allowed for the specified IP address.
Forwarding rules manage the bidirectional traffic between the external Ethernet
interface (eth0/bond0) and the inband management interface (inbd+). INPUT
traffic is the default type of traffic for IP filter rules.

-dip destination_IP

Specifies the destination IP address. For filters of type IPv4, the address must be
a 32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type
IPv6, the address must be a 128-bit IPv6 address in any format specified by
RFC3513, or a CIDR-style IPv6 prefix. The destination IP option is not
supported for INPUT traffic type.

--delrule policyname -rule rule_number

Deletes a rule from the specified IP filter policy. Deleting a rule in the specified IP
filter policy causes the rules following the deleted rule to shift up in rule order. The
change to the specified IP filter policy is not saved to the persistent configuration
until it is saved or activated.

--transabort

A transaction is associated with a CLI or manageability session, which is opened
implicitly when you execute the --create, --addrule and --delrule subcommands.
The --transabort command explicitly ends the transaction owned by the current
CLI or manageability session. If a transaction is not ended, other CLI or
manageability sessions are blocked on the subcommands that would open a new
transaction.

--clrcounters

Clears the IP filter counters. This command requires root permissions.

--showcounters

Displays the IP filter counters. This command requires root permissions.
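
The --addrule constraints listed above can be checked before a rule change is submitted to the switch. The following Python sketch is an added example, not part of the Fabric OS Command Reference or of Fabric OS itself; the function name check_addrule, its parameter names, and the low-high form for a port range are assumptions made for illustration.

```python
import ipaddress

def check_addrule(family, act, rule, current_max_rule,
                  traffic="INPUT", sip=None, dip=None, dp=None):
    """Return the documented constraints a proposed rule violates (empty = none)."""
    problems = []
    if traffic not in ("INPUT", "FWD"):
        problems.append("-type must be INPUT or FWD")
    if act not in ("permit", "deny"):
        problems.append("-act must be permit or deny")
    # -sip is not supported for FORWARD traffic; -dip is not supported for INPUT.
    if traffic == "FWD" and sip is not None:
        problems.append("-sip is not supported for FWD rules")
    if traffic == "INPUT" and dip is not None:
        problems.append("-dip is not supported for INPUT rules")
    # Addresses: a plain address or a CIDR prefix of the policy's family.
    want = 4 if family.lower() == "ipv4" else 6
    for flag, value in (("-sip", sip), ("-dip", dip)):
        if value is None:
            continue
        try:
            net = ipaddress.ip_network(value, strict=False)
        except ValueError:
            problems.append(f"{flag} is not an address or CIDR prefix")
            continue
        if net.version != want:
            problems.append(f"{flag} does not match filter type {family}")
    # Rule index: between 1 and the current maximum rule number plus one.
    if not 1 <= rule <= current_max_rule + 1:
        problems.append(f"-rule must be between 1 and {current_max_rule + 1}")
    # Ports: numeric values are checked; anything else is taken as a service name.
    if dp is not None and str(dp)[:1].isdigit():
        parts = str(dp).split("-")  # assumed range form: low-high
        if len(parts) > 2 or not all(p.isdigit() for p in parts):
            problems.append("-dp is not a port or port range")
        elif max(int(p) for p in parts) >= 1024:
            problems.append("-dp ports 1024 and above cannot be blocked or permitted")
    return problems

if __name__ == "__main__":
    # Constructed sample rule proposals, not taken from the manual.
    samples = [
        dict(family="ipv4", act="permit", rule=1, current_max_rule=0, sip="192.0.2.0/24", dp="22"),
        dict(family="ipv6", act="deny", rule=4, current_max_rule=2, sip="2001:db8::/32", dp="8080"),
        dict(family="ipv4", act="permit", rule=1, current_max_rule=0, traffic="FWD", sip="198.51.100.7", dp="80"),
    ]
    for s in samples:
        print(s, "->", check_addrule(**s) or "ok")
```

Service names given to -dp are passed through unchecked, because the text above does not list which names the switch accepts.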

EXAMPLES

To create an IP filter for a policy with an IPv6 address:

switch:admin> ipfilter --create ex1 -type ipv6