156 Fabric OS Administrator’s Guide
53-1001763-02
IP Filter policy
7
TCP and UDP are the only valid protocol selections; Fabric OS v6.2.0 and later does not support
filtering other protocols. ICMP type 0 and type 8 packets are always implicitly allowed, to support
ICMP echo request and reply for commands such as ping and traceroute. For the action, only
“permit” and “deny” are valid.
For every IP Filter policy, the two rules listed in Table 33 are always implicitly appended to the
end of the policy. This ensures that TCP and UDP traffic to dynamic port ranges is allowed, so that
management IP traffic initiated from a switch, such as syslog, RADIUS, and FTP, is not affected.
A switch with Fabric OS v6.2.0 or later has a default IP Filter policy for IPv4 and IPv6. The
default IP Filter policy cannot be deleted or changed. When an alternative IP Filter policy is
activated, the default IP Filter policy is deactivated. Table 34 lists the rules of the default IP
Filter policy.

TABLE 32 Supported services (Continued)
Service name    Port number
snmp            161
ssh             22
sunrpc          111
telnet          23
www             80

TABLE 33 Implicit IP Filter rules
Source address    Destination port    Protocol    Action
Any               1024-65535          TCP         Permit
Any               1024-65535          UDP         Permit

TABLE 34 Default IP policy rules
Rule number    Source address    Destination port    Protocol    Action
1              Any               22                  TCP         Permit
2              Any               23                  TCP         Permit
3              Any               897                 TCP         Permit
4              Any               898                 TCP         Permit
5              Any               111                 TCP         Permit
6              Any               80                  TCP         Permit
7              Any               443                 TCP         Permit
9              Any               161                 UDP         Permit
10             Any               111                 UDP         Permit
11             Any               123                 UDP         Permit
12             Any               600-1023            UDP         Permit
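
Added example (not from the Fabric OS guide): a Python model of how the implicit rules in Table 33 combine with a policy such as the default one in Table 34, for auditing what a policy leaves reachable. It assumes rules are checked in order with the first match deciding, and that unmatched packets (including other ICMP types) are denied; the page states neither, and the function and variable names are hypothetical.

```python
# Added example: model of IP Filter evaluation built from Tables 32-34.
# Assumptions (not stated on the page): first matching rule decides, and a
# packet that matches no rule is denied.

# Rule layout: (source, port_low, port_high, protocol, action)
IMPLICIT = [("any", 1024, 65535, "tcp", "permit"),
            ("any", 1024, 65535, "udp", "permit")]            # Table 33

DEFAULT_POLICY = [("any", lo, hi, proto, "permit") for lo, hi, proto in [
    (22, 22, "tcp"), (23, 23, "tcp"), (897, 897, "tcp"), (898, 898, "tcp"),
    (111, 111, "tcp"), (80, 80, "tcp"), (443, 443, "tcp"),
    (161, 161, "udp"), (111, 111, "udp"), (123, 123, "udp"),
    (600, 1023, "udp")]]                                       # Table 34

# Constructed sample policy: an administrator permits only ssh.
SSH_ONLY = [("any", 22, 22, "tcp", "permit")]

CLEARTEXT = {("tcp", 23): "telnet", ("tcp", 80): "www"}       # names from Table 32


def evaluate(policy, proto, port=None, icmp_type=None, src="any"):
    """Return 'permit' or 'deny' for one inbound packet."""
    if proto == "icmp":
        # ICMP type 0 (echo reply) and type 8 (echo request) are always allowed.
        return "permit" if icmp_type in (0, 8) else "deny"   # other types: assumed
    # The implicit rules are appended after the policy's own rules.
    for rule_src, lo, hi, rule_proto, action in list(policy) + IMPLICIT:
        if rule_proto == proto and lo <= port <= hi and rule_src in ("any", src):
            return action
    return "deny"  # assumed behaviour when nothing matches


def audit(policy):
    """List what a reviewer would flag: cleartext services and open high ports."""
    findings = []
    for (proto, port), name in CLEARTEXT.items():
        if evaluate(policy, proto, port) == "permit":
            findings.append(f"cleartext service {name} ({proto}/{port}) reachable")
    for proto in ("tcp", "udp"):
        n = sum(evaluate(policy, proto, p) == "permit" for p in range(1024, 65536))
        if n:
            findings.append(f"{n} {proto} ports in 1024-65535 reachable")
    return findings


if __name__ == "__main__":
    for name, pol in (("default", DEFAULT_POLICY), ("ssh-only", SSH_ONLY)):
        print(name, audit(pol))
```

Under these assumptions, a policy that lists only ssh still leaves the 1024-65535 range reachable through the implicit rules; an explicit deny rule placed in the policy is evaluated before them.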