Table 35 Implicit Ip Filter Rules - HP SN3000B Administrator's Manual

TABLE 34
Service name
shell
uucp
biff
who
syslog
route
timed
kerberos4
rpcd
securerpcd
Protocol
TCP and UDP protocols are valid protocol selections. Fabric OS v6.2.0 and later do not support
configuration to filter other protocols. Implicitly, ICMP type 0 and type 8 packets are always allowed
to support ICMP echo request and reply on commands like ping and traceroute.
Action
For the action, only "permit" and "deny" are valid.
Traffic type and destination IP
The traffic type and destination IP elements allow an IP policy rule to specify filter enforcement for
IP forwarding. The INPUT traffic type is the default and restricts rules to manage traffic on IP
management interfaces,
The FORWARD traffic type allows management of bidirectional traffic between the external
management interface and the inband management interface. In this case, the destination IP
element should also be specified.
Implicit filter rules
For every IP Filter policy, the two rules listed in
implicitly to the end of the policy. This ensures that TCP and UDP traffic to dynamic port ranges is
allowed, so that management IP traffic initiated from a switch, such as syslog, radius and ftp, is not
affected.
TABLE 35
Source address
Any
Any
Fabric OS Administrator's Guide
53-1002446-01
Supported services (Continued)
Port number
514
540
512
513
514
520
525
750
897
898
Implicit IP Filter rules
Destination port
1024-65535
1024-65535
Table 35 are always assumed to be appended
Protocol Action
TCP Permit
UDP Permit
7
IP Filter policy
157