Raritan Computer EMX2-111 User Manual
Chapter 10: Using the Command Line Interface
Policy    Description
deny      Drops traffic from the specified IP address range when the user is a member of the specified role
<insert> is one of the options: insertAbove or insertBelow.
Option         Description
insertAbove    Inserts the new rule above the specified rule number. Then: new rule's number = the specified rule number
insertBelow    Inserts the new rule below the specified rule number. Then: new rule's number = the specified rule number + 1
<rule_number> is the number of the existing rule which you want to
insert the new rule above or below.
Example
The following command creates a new IPv4 role-based access control
rule and specifies its location in the list.
config:# security roleBasedAccessControl ipv4 rule add 192.168.78.50 192.168.90.100 admin deny insertAbove 3
Results:
A new IPv4 role-based access control rule is added, dropping all
packets from any IPv4 address between 192.168.78.50 and
192.168.90.100 when the user is a member of the role "admin."
The newly-added IPv4 rule is inserted above the 3rd rule. That is, the
new rule becomes the 3rd rule, and the original 3rd rule becomes the
4th rule.
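The numbering and address-range behaviour described above can be checked offline before the command is entered. The following Python model is an added example, not part of the Raritan manual or firmware; the function names, the three existing rules and the "operator" role are constructed for illustration. It previews rule numbers after insertAbove or insertBelow and shows which addresses the example range covers.

```python
import ipaddress

def insert_rule(rules, new_rule, option, rule_number):
    """Place new_rule per insertAbove/insertBelow; rule numbers are 1-based."""
    if not 1 <= rule_number <= len(rules):
        raise ValueError(f"rule {rule_number} does not exist")
    if option == "insertAbove":
        new_number = rule_number        # new rule takes the specified number
    elif option == "insertBelow":
        new_number = rule_number + 1    # new rule lands directly after it
    else:
        raise ValueError(f"unknown option: {option}")
    updated = list(rules)
    updated.insert(new_number - 1, new_rule)  # later rules shift down by one
    return updated, new_number

def rule_covers(rule, address, role):
    """True if address is inside the rule's inclusive range and the role matches."""
    start, end, rule_role, _policy = rule
    ip = ipaddress.IPv4Address(address)
    in_range = ipaddress.IPv4Address(start) <= ip <= ipaddress.IPv4Address(end)
    return rule_role == role and in_range

def range_as_cidrs(rule):
    """List the CIDR blocks that exactly make up the rule's start-end range."""
    first, last = ipaddress.IPv4Address(rule[0]), ipaddress.IPv4Address(rule[1])
    return [str(net) for net in ipaddress.summarize_address_range(first, last)]

# Constructed sample list, not from the manual: (start, end, role, policy)
EXISTING = [
    ("10.0.0.1", "10.0.0.50", "admin", "deny"),
    ("10.0.1.1", "10.0.1.50", "operator", "deny"),
    ("172.16.0.1", "172.16.0.20", "admin", "deny"),
]
# The rule from the manual's example command
NEW_RULE = ("192.168.78.50", "192.168.90.100", "admin", "deny")

if __name__ == "__main__":
    updated, number = insert_rule(EXISTING, NEW_RULE, "insertAbove", 3)
    for i, rule in enumerate(updated, start=1):
        print(i, *rule)
    print("new rule number:", number)
    for addr in ("192.168.78.49", "192.168.80.7", "192.168.90.101"):
        print(addr, "covered:", rule_covers(NEW_RULE, addr, "admin"))
    print("\n".join(range_as_cidrs(NEW_RULE)))
```

The range is numeric, so it takes in every address from 192.168.79.0 through 192.168.89.255 as well, not only hosts in the .78 and .90 subnets.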
Modifying a Role-Based Access Control Rule
The command syntax varies depending on what you want to modify in an
existing rule.
IPv4 commands
To modify a rule's IPv4 address range, use this command
syntax: