system services firewall policy create
- PDF of this doc site
Collection of separate PDF docs
Creating your file...
(DEPRECATED)-Create a firewall policy entry for a network service
Availability: This command is available to cluster administrators at the admin privilege level.
Description
This command is deprecated and may be removed in a future ONTAP release. Use network interface service-policy create or network interface service-policy add-service instead. |
The system services firewall policy create
command creates a firewall policy entry with the specified name and network service. This command is used both to create the first network service associated with a new firewall policy, and to add to an existing firewall policy by associating another network service with an existing policy. You can optionally specify one or more IP addresses with corresponding netmasks that are allowed to use the firewall policy entry.
You can use the network interface modify command with the -firewall-policy
parameter to put a firewall policy into effect for a given logical interface by modifying that logical interface to use the specified firewall policy.
You can use this command to create an empty firewall policy by creating a single policy entry for the "none" firewall service. When used by a logical network interface (LIF), an empty firewall policy will block all services managed using firewall policies. |
Parameters
-vserver <vserver>
- Vserver Name-
Use this parameter to specify the name of the Vserver on which the policy is to be created.
-policy <textpolicy_name>
- Policy-
Use this parameter to specify the name of the policy that is to be created.
-service <service>
- Service-
Use this parameter to specify the network service that is associated with the policy. Possible values include:
-
dns - The DNS protocol server
-
http - The HTTP protocol
-
ndmp - The NDMP tape backup protocol
-
ndmps - The NDMPS tape backup protocol
-
none - No protocol (for creating an empty policy)
-
ntp - The NTP protocol
-
rsh - The RSH protocol
-
snmp - The SNMP protocol
-
telnet - The Telnet protocol
-
-allow-list <IP Address/Mask>,…
- Allowed IPs-
Use this parameter to specify one or more IP addresses with corresponding netmasks that are to be allowed by this firewall policy. The correct format for this parameter is address/netmask, similar to "192.0.2.128/25". Multiple address/netmask pairs should be separated with commas. Use the value
0.0.0.0/0
for "any".
Examples
The following example creates a firewall policy named data that uses the NDMP protocol and enables access from all IP addresses on the 192.0.2.128/25 subnet:
cluster1::> system services firewall policy create -policy data -service ndmp -allow-list 192.0.2.128/25
The following example adds an entry to the firewall policy named data, associating the DNS protocol with that policy and enabling access from all IP addresses on the 192.0.2.128/25 subnet:
cluster1::> system services firewall policy create -policy data -service dns -allow-list 192.0.2.128/25