brocade-communications-sy rfs6000 Benutzerhandbuch
Brocade Mobility RFS4000, RFS6000 and RFS7000 CLI Reference Guide
823
53-1001931-01
AAP IP Filter config commands
27
Parameters
deny [all|icmp|tcp|udp]
[any|src-start-ip <IP>
srcend-ip <IP>]
[any|dst-startip <IP>
dst-end-ip <IP>]
[all|dst-start-port
<1-65535> dst-end-port
<1-65535>] rule <1-20>
[any|src-start-ip <IP>
srcend-ip <IP>]
[any|dst-startip <IP>
dst-end-ip <IP>]
[all|dst-start-port
<1-65535> dst-end-port
<1-65535>] rule <1-20>
Use with a deny command to reject IP packets
•
deny all - Denies all the protocols
•
deny icmp - Specifies ICMP as the protocol
•
deny [tcp|udp] - Specifies TCP or UDP as the protocol
The following parameters are common to all the protocols:
•
[any|src-start-ip <IP> src-end-ip <IP>]- any is an
abbreviation for a source IP of 0.0.0.0 and end IP
255.255.255.255.
abbreviation for a source IP of 0.0.0.0 and end IP
255.255.255.255.
•
src-start-ip <IP> - The keyword <src-start-ip> is the
source IP address of the network. For example,
10.1.1.10/24 indicates the first 24 bits of the source IP
is used for matching
source IP address of the network. For example,
10.1.1.10/24 indicates the first 24 bits of the source IP
is used for matching
•
src-end-ip <IP> - The keyword <src-end-ip> is the source
end IP address of the network.
end IP address of the network.
•
[any|dst-start-ip <IP> dst-end-ip <IP>] - any is an
abbreviation for a destination start / end IP of the network.
abbreviation for a destination start / end IP of the network.
•
dst-start-ip <IP> - Defines the destination start IP
address
address
•
dst-end-ip <IP> - Defines the destination end IP address
•
[all|dst-start-port <1-65535> dst-end-port <1-65535>] -
Rejects all the packets.
Rejects all the packets.
•
dst-start-port <1-65535> - Defines the destination start
port
port
•
dst-end-port <1-65535> - Defines the destination end
port
port
•
rule <1-20> - Define an integer value between 1 and 20. This
value sets the rule precedence on the AAP.
value sets the rule precedence on the AAP.
deny protocol <1-254>
[any|src-start-ip <IP>
srcend-ip <IP>]
[any|dst-startip <IP>
dst-end-ip <IP>]
[all|dst-start-port
<1-65535> dst-end-port
<1-65535>] rule <1-20>
[any|src-start-ip <IP>
srcend-ip <IP>]
[any|dst-startip <IP>
dst-end-ip <IP>]
[all|dst-start-port
<1-65535> dst-end-port
<1-65535>] rule <1-20>
Denies protocols between 1 and 254.
•
[any|src-start-ip <IP> src-end-ip <IP>]- any is an abbreviation
for a source IP of 0.0.0.0 and end IP 255.255.255.255
for a source IP of 0.0.0.0 and end IP 255.255.255.255
•
src-start-ip <IP> - The keyword <src-start-ip> is the
source IP address of the network. For example,
10.1.1.10/24 indicates the first 24 bits of the source IP
is used for matching
source IP address of the network. For example,
10.1.1.10/24 indicates the first 24 bits of the source IP
is used for matching
•
src-end-ip <IP> - The keyword <src-end-ip> is the source
end IP address of the network
end IP address of the network
•
[any|dst-start-ip <IP> dst-end-ip <IP>] - any is an
abbreviation for a destination start / end IP of the network.
abbreviation for a destination start / end IP of the network.
•
dst-start-ip <IP> - Defines the destination start IP
address
address
•
dst-end-ip <IP> - Defines the destination end IP address
•
[all|dst-start-port <1-65535> dst-end-port <1-65535>] -
Rejects all the packets
Rejects all the packets
•
dst-start-port <1-65535> - Defines the destination start
port
port
•
dst-end-port <1-65535> - Defines the destination end
port
port
•
rule <1-20> - Define an integer value between 1 and 20. This
value sets the rule precedence on the AAP
value sets the rule precedence on the AAP