Filter
Top Products
Fabric OS Administrator’s Guide 219
53-1002745-02
IP Filter policy
7
1. Log in to the switch using an account with admin permissions, or an account associated with
the chassis role and having the OM permissions for the IPfilter RBAC class of commands.
2. Enter the ipFilter
–-save command.
Activating an IP Filter policy
IP Filter policies are not enforced until they are activated. Only one IP Filter policy per IPv4 and IPv6
type can be active. If there is a temporary buffer for the policy, the policy is saved to the defined
configuration and activated at the same time. If there is no temporary buffer for the policy, the
policy existing in the defined configuration becomes active. The activated policy continues to
remain in the defined configuration. The policy to be activated replaces the existing active policy of
the same type. Activating the default IP Filter policies returns the IP management interface to its
default state. An IP Filter policy without any rule cannot be activated. This subcommand prompts
for a user confirmation before proceeding.
1. Log in to the switch using an account with admin permissions, or an account associated with
the chassis role and having OM permissions for the IPfilter RBAC class of commands.
2. Enter the ipFilter
–-activate command.
Deleting an IP Filter policy
You can delete a specified IP Filter policy. Deleting an IP Filter policy removes it from the temporary
buffer. To permanently delete the policy from the persistent database, run ipfilter
--save. An active
IP Filter policy cannot be deleted.
1. Log in to the switch using an account with admin permissions, or an account associated with
the chassis role and having the OM permissions for the IPfilter RBAC class of commands.
2. Enter the ipFilter --delete command.
3. To permanently delete the policy, enter the ipfilter
--save command.
IP Filter policy rules
An IP Filter policy consists of a set of rules. Each rule has an index number identifying the rule.
There can be a maximum of 256 rules within an IP Filter policy.
Each rule contains the following elements:
• Source Address: A source IP address or a group prefix.
• Destination Port: The destination port number or name, such as: Telnet, SSH, HTTP, HTTPS.
• Protocol: The protocol type. Supported types are TCP or UDP.
• Action: The filtering action taken by this rule, either Permit or Deny.
A rule type and destination IP can also be specified