Dell POWEREDGE M1000E User Manual
Fabric OS Command Reference
53-1001764-02
ipfilter
The following arguments are supported with the --addrule option:
-sip
Specifies the source IP address. For filters of type IPv4, the address must be
a 32-bit address in dot notation, or a CIDR-style IPv4 prefix. For filters of type
IPv6, the address must be a 128-bit IPv6 address in any format specified by
RFC, or a CIDR-style IPv6 prefix.
-dp
Specifies the destination port number, a range of port numbers, or a service
name.
-proto
Specifies the protocol type, for example tcp or udp.
-act
Specifies the permit or deny action associated with this rule.
-rule rule_number
Adds a new rule at the specified rule index number. The rule number must be
between 1 and the current maximum rule number plus one.
--delrule policyname -rule rule_number
Deletes a rule from the specified IP filter policy. Deleting a rule in the
specified IP filter policy causes the rules following the deleted rule to shift up
in rule order. The change to the specified IP filter policy is not saved to the
persistent configuration until it is saved or activated.
--transabort
A transaction is associated with a CLI or manageability session. It is opened
implicitly when running the --create, --addrule and --delrule
subcommands. --transabort explicitly ends the transaction owned by the
current CLI or manageability session. If a transaction is not ended, other CLI
or manageability sessions are blocked on the subcommands that would open
a new transaction.
Examples
To create an IP filter for a policy with an IPv6 address:
switch:admin> ipfilter --create ex1 -type ipv6
To add a new rule to the policy and specify the source IP address, destination port, and protocol,
and to permit the rule:
switch:admin> ipfilter --addrule ex1 -sip fec0:60:69bc:60:260:69ff:fe80:d4a -dp 23 \
-proto tcp -act permit
To display all existing IP filter policies:
switch:admin> ipfilter --show
Name: default_ipv4, Type: ipv4, State: active
Rule    Source IP    Protocol    Dest Port    Action
1       any          tcp         22           permit
2       any          tcp         23           permit
3       any          tcp         897          permit
4       any          tcp         898          permit
5       any          tcp         111          permit
6       any          tcp         80           permit
7       any          tcp         443          permit
8       any          udp         161          permit
9       any          udp         111          permit
10      any          udp         123          permit
11      any          tcp         600 - 1023   permit
12      any          udp         600 - 1023   permit
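The listing above can be reviewed mechanically. The following is an added example, not part of the Fabric OS manual: a Python parser for ipfilter --show text that reports rules in an active policy that permit a cleartext management service from any source. The column layout it expects, the function names, and the choice of TCP 23 (telnet) and TCP 80 (HTTP) as the ports to report are assumptions of this example.

```python
import re

# Constructed sample: rows shortened from the ipfilter --show listing above.
SAMPLE = """\
Name: default_ipv4, Type: ipv4, State: active
Rule    Source IP    Protocol    Dest Port    Action
1       any          tcp         22           permit
2       any          tcp         23           permit
6       any          tcp         80           permit
7       any          tcp         443          permit
11      any          tcp         600 - 1023   permit
"""

# Assumption of this example: the ports to report as cleartext management.
CLEARTEXT = {("tcp", 23): "telnet", ("tcp", 80): "http"}

HEADER = re.compile(r"Name:\s*(\S+),\s*Type:\s*(\S+),\s*State:\s*(\S+)")
# Matches numeric ports or ranges only; a service name in Dest Port is skipped.
RULE = re.compile(
    r"^\s*(\d+)\s+(\S+)\s+(tcp|udp)\s+(\d+)(?:\s*-\s*(\d+))?\s+(permit|deny)\s*$")


def parse_policies(text):
    """Return {policy: {"type", "state", "rules"}} parsed from --show text."""
    policies, current = {}, None
    for line in text.splitlines():
        h, r = HEADER.search(line), RULE.match(line)
        if h:
            current = {"type": h.group(2), "state": h.group(3), "rules": []}
            policies[h.group(1)] = current
        elif r and current is not None:
            # A single port is stored as a range of one.
            lo, hi = int(r.group(4)), int(r.group(5) or r.group(4))
            current["rules"].append({"rule": int(r.group(1)), "sip": r.group(2),
                                     "proto": r.group(3), "ports": (lo, hi),
                                     "act": r.group(6)})
    return policies


def cleartext_findings(policies):
    """Return (policy, rule, service) for active permit-from-any cleartext rules."""
    out = []
    for name, pol in policies.items():
        for r in pol["rules"] if pol["state"] == "active" else []:
            lo, hi = r["ports"]
            for (proto, port), svc in CLEARTEXT.items():
                if (r["act"], r["sip"], r["proto"]) == ("permit", "any", proto) \
                        and lo <= port <= hi:
                    out.append((name, r["rule"], svc))
    return out
```

Calling cleartext_findings(parse_policies(SAMPLE)) reports rules 2 and 6 of default_ipv4; a port range is reported when it spans one of the listed ports.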