User's guide

Chapter 12 Access Control Lists 221
Deny Egress Traffic
Take the following steps to deny egress traffic:
1. Create a named policy set (empty by default).
No implicit assumptions or rules are made in this empty set.
The set in this example is named “block16_5”:

    add acl block16_5
    Warning: ACLs are not autocommitted. You will need to enter
    'commit' when the ACL is complete

Note: As indicated by the display message, the commit command must be issued
after you define the condition and action. See Step 3.
2. Add a rule to the named set, then specify an action and condition.
Rule numbers must be between 1 and 1024:

    set acl block16_5 rule 1 action deny egress
    set acl block16_5 rule 1 condition dest ipaddr = 10.2.5.16 mask 255.255.255.255

In this example, any traffic that exits the Oracle Fabric Interconnect I/O card is
considered the egress direction (server to network). The condition matches on
destination IP address 10.2.5.16 with a 32-bit mask length. All other traffic is
permitted to pass through except that destined for 10.2.5.16.
For a list of condition definitions, see “Setting Conditions” on page 216.
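The following Python sketch is an added example, not Oracle code or part of the original guide: it parses the two rule lines above and checks constructed test flows against them, so the effect of the 32-bit mask can be reviewed before commit. It is a model only and assumes that the lowest rule number is evaluated first and that unmatched traffic is permitted; the names parse_acl and evaluate are hypothetical.

```python
import ipaddress
import re

# The two rule lines from the example above, verbatim.
ACL_LINES = """\
set acl block16_5 rule 1 action deny egress
set acl block16_5 rule 1 condition dest ipaddr = 10.2.5.16 mask 255.255.255.255
"""

def parse_acl(text):
    """Parse 'set acl' lines into {rule_number: {action, direction, dest}}."""
    rules = {}
    for line in text.splitlines():
        m = re.match(r"set acl (\S+) rule (\d+) (action|condition) (.+)", line.strip())
        if not m:
            continue
        num, kind, rest = int(m.group(2)), m.group(3), m.group(4)
        if not 1 <= num <= 1024:
            raise ValueError(f"rule number {num} outside 1-1024")
        rule = rules.setdefault(num, {})
        if kind == "action":
            rule["action"], rule["direction"] = rest.split()
        else:
            c = re.fullmatch(r"dest ipaddr = (\S+) mask (\S+)", rest)
            if not c:
                raise ValueError(f"unsupported condition: {rest}")
            # strict=False tolerates host bits set below the mask
            rule["dest"] = ipaddress.ip_network(f"{c.group(1)}/{c.group(2)}", strict=False)
    return rules

def evaluate(rules, direction, dest_ip):
    """Action for one packet. Assumed model: lowest rule number first, no match permits."""
    addr = ipaddress.ip_address(dest_ip)
    for num in sorted(rules):
        r = rules[num]
        # A rule without a condition is treated as incomplete and skipped (assumption).
        if r.get("direction") == direction and "dest" in r and addr in r["dest"]:
            return r["action"]
    return "permit"

if __name__ == "__main__":
    rules = parse_acl(ACL_LINES)
    # Constructed test flows: (direction, destination address)
    for flow in [("egress", "10.2.5.16"), ("egress", "10.2.5.17"), ("ingress", "10.2.5.16")]:
        print(flow, "->", evaluate(rules, *flow))
```

Changing the mask in ACL_LINES to a shorter one, such as 255.255.255.0, shows how many neighbouring hosts the same rule would also block.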