Skip to main content
A newer release of this product is available.

system services firewall policy modify

Contributors
Suggest changes

Modify a firewall policy entry for a network service

Availability: This command is available to cluster administrators at the admin privilege level.

Description

The system services firewall modify command enables you to modify the list of IP addresses and netmasks associated with a firewall policy.

Parameters

-vserver <vserver> - Vserver Name

Use this parameter to specify the Vserver of the policy to modify.

-policy <textpolicy_name> - Policy

Use this parameter to specify the name of the policy to modify.

-service <service> - Service

Use this parameter to specify the policy's network service to modify.

[-allow-list <IP Address/Mask>,…​] - Allowed IPs

Use this parameter to specify one or more IP addresses with corresponding netmasks that are allowed by this firewall policy. The correct format for this parameter is address/netmask, similar to "192.0.2.128/25". Multiple address/netmask pairs should be separated with commas. Use the value 0.0.0.0/0 for "any".

Examples

The following example modifies the firewall policy named data that uses the SSH protocol to enable access from all addresses on the 192.0.2.128 subnet:

cluster1::> system services firewall policy modify -policy data -service ssh -allow-list 192.0.2.128/25