In this KB, I have added some useful commands that show how to define an ipfilter policy to block Telnet (TCP port 23) requests.
Please review the steps and adapt them to your configuration.
Step 1: Check current configuration
Connect to the Brocade switch over SSH.
    # ipfilter --show

    Name: default_ipv4, Type: ipv4, State: active
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit

    Name: default_ipv6, Type: ipv6, State: active
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit
Step 2: Clone current configuration
    # ipfilter --clone BlockPort23 -from default_ipv4
    # ipfilter --clone BlockPort23ipv6 -from default_ipv6
    # ipfilter --show

    Name: default_ipv4, Type: ipv4, State: active
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit

    Name: default_ipv6, Type: ipv6, State: active
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit

    Name: BlockPort23, Type: ipv4, State: defined (modified)
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit

    Name: BlockPort23ipv6, Type: ipv6, State: defined (modified)
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit
Step 3: Modify cloned configuration
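We block TCP requests to port 23 by deleting rule 2 (permit) from each cloned policy and adding a deny rule in its place, then saving both policies.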
    # ipfilter --delrule BlockPort23 -rule 2
    # ipfilter --delrule BlockPort23ipv6 -rule 2
    # ipfilter --addrule BlockPort23 -rule 2 -sip any -dp 23 -proto tcp -act deny
    # ipfilter --addrule BlockPort23ipv6 -rule 2 -sip any -dp 23 -proto tcp -act deny
    # ipfilter --save BlockPort23
    # ipfilter --save BlockPort23ipv6
Step 4: Activate new firewall configuration
    # ipfilter --activate BlockPort23
    # ipfilter --activate BlockPort23ipv6
    # ipfilter --show

    Name: default_ipv4, Type: ipv4, State: defined
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit

    Name: default_ipv6, Type: ipv6, State: defined
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            permit
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit

    Name: BlockPort23, Type: ipv4, State: active
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            deny
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit

    Name: BlockPort23ipv6, Type: ipv6, State: active
    Rule    Source IP    Protocol    Dest Port     Action
    1       any          tcp         22            permit
    2       any          tcp         23            deny
    3       any          tcp         80            permit
    4       any          tcp         443           permit
    5       any          udp         161           permit
    6       any          udp         123           permit
    7       any          tcp         600 - 1023    permit
    8       any          udp         600 - 1023    permit
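To confirm the Step 4 result without reading the tables by eye, the following added example (not part of the original KB and not Brocade tooling) parses saved `ipfilter --show` output and checks every active policy for a telnet deny while making sure SSH is still permitted. It assumes rules are evaluated in order with the first match deciding and an implicit deny when nothing matches; the function names and the trimmed sample are constructed for illustration.

```python
import re

# Constructed sample: the Step 4 `ipfilter --show` output, trimmed to two IPv4 policies.
SAMPLE = """\
Name: default_ipv4, Type: ipv4, State: defined
Rule    Source IP    Protocol    Dest Port     Action
1       any          tcp         22            permit
2       any          tcp         23            permit
Name: BlockPort23, Type: ipv4, State: active
Rule    Source IP    Protocol    Dest Port     Action
1       any          tcp         22            permit
2       any          tcp         23            deny
7       any          tcp         600 - 1023    permit
"""

HEADER = re.compile(r"Name:\s*(\S+),\s*Type:\s*(ipv[46]),\s*State:\s*(\w+)")
RULE = re.compile(r"(\d+)\s+(\S+)\s+(tcp|udp)\s+(\d+)(?:\s*-\s*(\d+))?\s+(permit|deny)")

def parse_policies(text):
    """Split the output at each 'Name:' header and collect that policy's rules."""
    headers = list(HEADER.finditer(text))
    policies = []
    for i, h in enumerate(headers):
        end = headers[i + 1].start() if i + 1 < len(headers) else len(text)
        rules = [(int(n), src, proto, int(lo), int(hi or lo), act)
                 for n, src, proto, lo, hi, act in RULE.findall(text[h.end():end])]
        policies.append({"name": h[1], "type": h[2], "state": h[3],
                         "rules": sorted(rules)})
    return policies

def verdict(policy, proto, port):
    """Assumption: first matching rule wins, no match means deny. Source IP is ignored."""
    for _, _src, r_proto, lo, hi, action in policy["rules"]:
        if r_proto == proto and lo <= port <= hi:
            return action
    return "deny"

def audit(text):
    """Return findings for every active policy; an empty list means the check passed."""
    findings = []
    for p in parse_policies(text):
        if p["state"] != "active":
            continue
        if verdict(p, "tcp", 23) != "deny":
            findings.append(f"{p['name']}: telnet (tcp/23) still permitted")
        if verdict(p, "tcp", 22) != "permit":
            findings.append(f"{p['name']}: SSH (tcp/22) blocked, lockout risk")
    return findings
```

Run `audit()` on the text captured from the switch session; the same parser also accepts output that has been flattened onto a single line.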