Verify IPv6 firewall entries
Contributors
Suggest changes
-
PDF of this doc site
- Cluster administration
-
Volume administration
- Logical storage management with the CLI
-
NAS storage management
- Configure NFS with the CLI
- Manage NFS with the CLI
-
Manage SMB with the CLI
- Manage file access using SMB
- SAN storage management
- Security and data encryption
-
Data protection and disaster recovery
- Data protection with the CLI
Collection of separate PDF docs
Creating your file...
This may take a few minutes. Thanks for your patience.
Your file is ready
A reversion from any version of ONTAP 9 might result in missing default IPv6 firewall entries for some services in firewall policies. You need to verify that the required firewall entries have been restored to your system.
-
Verify that all firewall policies are correct by comparing them to the default policies:
system services firewall policy show
The following example shows the default policies:
cluster1::*> system services firewall policy show Policy Service Action IP-List ---------------- ---------- ------ -------------------- cluster dns allow 0.0.0.0/0 http allow 0.0.0.0/0 https allow 0.0.0.0/0 ndmp allow 0.0.0.0/0 ntp allow 0.0.0.0/0 rsh allow 0.0.0.0/0 snmp allow 0.0.0.0/0 ssh allow 0.0.0.0/0 telnet allow 0.0.0.0/0 data dns allow 0.0.0.0/0, ::/0 http deny 0.0.0.0/0, ::/0 https deny 0.0.0.0/0, ::/0 ndmp allow 0.0.0.0/0, ::/0 ntp deny 0.0.0.0/0, ::/0 rsh deny 0.0.0.0/0, ::/0 . . .
-
Manually add any missing default IPv6 firewall entries by creating a new firewall policy:
system services firewall policy create
cluster1::*> system services firewall policy create -policy newIPv6 -service ssh -action allow -ip-list ::/0
-
Apply the new policy to the LIF to allow access to a network service:
network interface modify
cluster1::*> network interface modify -vserver VS1 -lif LIF1 -firewall-policy newIPv6