128 Fabric OS Administrator’s Guide
53-1002446-01
Telnet protocol
6
5. Add a rule to the policy, by typing the ipFilter --addrule command.
switch:admin> ipfilter --addrule BlockTelnet -rule 1 -sip any -dp 23 -proto
tcp -act deny
The rule number assigned has to precede the default rule number for this protocol. For
example, in the defined policy, the Telnet rule number is 2, therefore to effectively block Telnet,
the rule number to assign must be 1.
If you choose not to use 1, you will need to delete the telnet rule number 2 after adding this
rule. Refer to “Deleting a rule to an IP Filter policy” on page 159 for more information on
deleting IP filter rules.
6. Save the new ipfilter policy by typing the ipfilter
--save command.
7. Verify the new policy is correct by typing the ipFilter
--show command.
8. Activate the new ipfilter policy by typing the ipfilter
--activate command.
switch:admin> ipfilter --activate BlockTelnet
9. Verify the new policy is active (the default_ipv4 policy should be displayed as defined).
switch:admin> ipfilter --show
Name: BlockTelnet, Type: ipv4, State: defined
Rule Source IP Protocol Dest Port Action
1 any tcp 23 deny
2 any tcp 22 permit
3 any tcp 22 permit
4 any tcp 897 permit
5 any tcp 898 permit
6 any tcp 111 permit
7 any tcp 80 permit
8 any tcp 443 permit
9 any udp 161 permit
10 any udp 111 permit
11 any udp 123 permit
12 any tcp 600 - 1023 permit
13 any udp 600 - 1023 permit
Name: default_ipv4, Type: ipv4, State: defined
Rule Source IP Protocol Dest Port Action
1 any tcp 22 permit
2 any tcp 23 permit
3 any tcp 897 permit
4 any tcp 898 permit
5 any tcp 111 permit
6 any tcp 80 permit
7 any tcp 443 permit
8 any udp 161 permit
9 any udp 111 permit
10 any udp 123 permit
11 any tcp 600 - 1023 permit
12 any udp 600 - 1023 permit
To Next Page
Loading...
Need help?
General