Matching Icmp Type Names; Matching Groups - Brocade Communications Systems 5600 vRouter Configuration Manual


Matching ICMP type names

Packets can be filtered for ICMP type names. For example, to create a rule that allows only ICMP echo request packets, perform the
following steps in configuration mode.
TABLE 8 Accepting ICMP packets with specific type names

Step: Set the protocol to match to ICMP.
Command:
vyatta@R1# set security firewall name ICMP-NAME rule 40 protocol icmp

Step: Set the ICMP packet type to match.
Command:
vyatta@R1# set security firewall name ICMP-NAME rule 40 icmp type-name echo-request

Step: Set the action to accept.
Command:
vyatta@R1# set security firewall name ICMP-NAME rule 40 action accept

Step: Commit the configuration.
Command:
vyatta@R1# commit

Step: Show the configuration.
Command:
vyatta@R1# show security firewall name ICMP-NAME
 rule 40 {
     action accept
     protocol icmp
     icmp {
         type-name echo-request
     }
 }
vyatta@R1#

Matching groups

Groups of addresses, ports, and networks can be defined for similar filtering. For example, to create a rule that rejects traffic to a group of
addresses and ports and from a group of networks, perform the following steps in configuration mode.

TABLE 9 Rejecting traffic based on groups of addresses, networks, and ports

Step: Add an address to an address group.
Command:
vyatta@R1# set resources group address-group SERVERS address 1.1.1.7

Step: Add a network to an address group.
Command:
vyatta@R1# set resources group address-group SERVERS address 10.0.10.0/24

Step: Add a port to a port group.
Command:
vyatta@R1# set resources group port-group PORTS port 22

Step: Add a port name to a port group.
Command:
vyatta@R1# set resources group port-group PORTS port http

Step: Commit the configuration.
Command:
vyatta@R1# commit

Step: Show the configuration.
Command:
vyatta@R1# show resources
 group {
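
An added example, not taken from the Brocade guide: a small Python model of what the Table 8 rule and the Table 9 groups match, useful for sanity-checking sample packets against a planned rule before committing it. The reject rule that uses the groups is not shown on this page, so reject_to_servers is a hypothetical stand-in; the name mappings (http = 80, echo-request = ICMP type 8) and the packet dictionaries are assumptions constructed for the example.

```python
import ipaddress

# Groups exactly as configured in Table 9.
ADDRESS_GROUPS = {"SERVERS": ["1.1.1.7", "10.0.10.0/24"]}
PORT_GROUPS = {"PORTS": ["22", "http"]}

# Assumption: only the names that appear on the page are resolved here.
SERVICE_PORTS = {"http": 80}           # well-known port for the name "http"
ICMP_TYPE_NAMES = {"echo-request": 8}  # ICMP type number for echo request

def in_address_group(group, addr):
    """True if addr equals a host entry or falls inside a network entry."""
    ip = ipaddress.ip_address(addr)
    return any(ip in ipaddress.ip_network(e) for e in ADDRESS_GROUPS[group])

def in_port_group(group, port):
    """True if port matches a numeric entry or a named service entry."""
    members = {SERVICE_PORTS.get(p) or int(p) for p in PORT_GROUPS[group]}
    return port in members

def icmp_name_rule_40(pkt):
    """Rule 40 of ICMP-NAME (Table 8): accept ICMP echo-request only."""
    if (pkt.get("protocol") == "icmp"
            and pkt.get("icmp_type") == ICMP_TYPE_NAMES["echo-request"]):
        return "accept"
    return None  # no match: this rule does not decide the packet

def reject_to_servers(pkt):
    """Hypothetical rule: reject traffic to SERVERS on a port in PORTS."""
    if ("dport" in pkt and in_address_group("SERVERS", pkt["dst"])
            and in_port_group("PORTS", pkt["dport"])):
        return "reject"
    return None

if __name__ == "__main__":
    # Constructed sample packets, not captured traffic.
    samples = [
        {"protocol": "icmp", "icmp_type": 8, "dst": "10.0.10.5"},
        {"protocol": "icmp", "icmp_type": 0, "dst": "10.0.10.5"},
        {"protocol": "tcp", "dst": "10.0.10.200", "dport": 80},
        {"protocol": "tcp", "dst": "1.1.1.8", "dport": 22},
    ]
    for pkt in samples:
        print(pkt, icmp_name_rule_40(pkt), reject_to_servers(pkt))
```

The model shows two things the tables imply: one address group can mix a single host with a whole network, and an ICMP type-name rule leaves every other ICMP type (such as echo reply) unmatched.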
Brocade 5600 vRouter Firewall Configuration Guide
Configuration Examples
53-1004253-01
