Modify a firewall policy entry for a network service
Availability: This command is available to cluster administrators at the admin privilege level.
Parameters
- -vserver <vserver> - Vserver Name
- Use this parameter to specify
the Vserver of the policy to modify.
- -policy <textpolicy_name> - Policy
- Use this parameter to specify
the name of the policy to modify.
- -service <service> - Service
- Use this parameter to specify
the policy's network service to modify.
- [-allow-list <IP Address/Mask>, ...] - Allowed IPs
- Use this parameter to specify
one or more IP addresses with corresponding netmasks
that are allowed by this firewall policy.
The correct format for this parameter is address/netmask,
similar to "192.0.2.128/25".
Multiple address/netmask pairs should be separated with commas.
Use the value 0.0.0.0/0 for "any".
Examples
The following example modifies the firewall policy named data that uses the SSH protocol to enable access from all addresses on the 192.0.2.128 subnet:
cluster1::> system services firewall policy modify -policy data -service ssh -allow-list 192.0.2.128/25