By using the UPDT function, you can create and update rules.
IPSWRULE UPDT <ID> <direction> <IP> <mask> <port> <inclusion | exclusion> <priority>
IPSWRULE rule parameters
Parameter | Value range | Is required | Description |
---|---|---|---|
<rule ID> | 32-bits, unsigned (0 through 4 294 967 295) | Y | A globally unique identifier for the rule. For creating a rule, provide an ID that is not in use. For updating a rule, provide an existing ID. |
<direction> | "1" — filter on client IP address and TCP port; "2" — filter on server IP address and TCP port | Y | Traffic direction — to filter on client or server IP and port. |
<host name> | URL-encoded, case-insensitive | Y | A host name to filter traffic on |
<mask> | Standard dot notation; not null | Y | Net mask applied to the IP address used for filtering |
<port> | 16-bits, unsigned (0 through 65535); "-1" — catch-all | Y | A TCP port to filter traffic on |
<inclusion \| exclusion> | "1" — traffic inclusion; "2" — traffic exclusion | Y | An action to perform on the packet that matches the rule |
<priority> | 1 to the total number of existing rules; "0" — the highest priority | Y | Rule priority — rule's position in the rules list. Rules are applied in the order they appear in the list. |
Example
A high-priority rule that excludes traffic from 10.1.1.1 client machine:
IPSWRULE UPDT 22 1 10.1.1.1 255.0.255.0 -1 2 0
A rule that includes traffic from http://bmc.com:
IPSWRULE UPDT 22 2 bmc.com 255.0.255.0 -1 1 2
Note
The example above uses IPv4 notation; however, IPv6 notation has been implemented and can also be used.
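
A pre-flight check for rule lines, written against the parameter table above. This is an added example, not part of the product. The `check_updt` name, the `existing_rules` argument and the mask warning are assumptions: the page does not say how a non-contiguous mask such as 255.0.255.0 is evaluated, so the check only flags it for review.

```python
import ipaddress
import re

def _in_range(text, low, high):
    """True when text is a plain decimal integer within [low, high]."""
    return bool(re.fullmatch(r"-?[0-9]+", text)) and low <= int(text) <= high

def check_updt(line, existing_rules):
    """Return (errors, warnings) for one IPSWRULE UPDT line.

    existing_rules is supplied by the caller (assumption: the operator
    knows the current rule count); it bounds the priority parameter.
    """
    errors, warnings = [], []
    tokens = line.split()
    if len(tokens) != 9 or tokens[:2] != ["IPSWRULE", "UPDT"]:
        return ["expected 'IPSWRULE UPDT' followed by 7 parameters"], warnings
    rule_id, direction, _host, mask, port, action, priority = tokens[2:]

    if not _in_range(rule_id, 0, 4294967295):
        errors.append("rule ID must be 0 through 4294967295")
    if direction not in ("1", "2"):
        errors.append("direction must be 1 (client) or 2 (server)")
    if not _in_range(port, -1, 65535):  # 16-bit unsigned, or -1 catch-all
        errors.append("port must be 0 through 65535, or -1 for catch-all")
    if action not in ("1", "2"):
        errors.append("action must be 1 (inclusion) or 2 (exclusion)")
    if not _in_range(priority, 0, existing_rules):
        errors.append("priority must be 0 through the number of existing rules")

    try:
        parsed = ipaddress.ip_address(mask)  # accepts IPv4 or IPv6 notation
    except ValueError:
        errors.append("mask is not in valid address notation")
    else:
        full = (1 << parsed.max_prefixlen) - 1
        inverted = ~int(parsed) & full
        if inverted & (inverted + 1):  # 1-bits are not a single leading run
            warnings.append("mask %s is not a contiguous prefix mask" % mask)
    return errors, warnings

if __name__ == "__main__":
    # The page's two example lines; the rule count of 5 is constructed.
    for sample in ("IPSWRULE UPDT 22 1 10.1.1.1 255.0.255.0 -1 2 0",
                   "IPSWRULE UPDT 22 2 bmc.com 255.0.255.0 -1 1 2"):
        print(sample, "->", check_updt(sample, existing_rules=5))
```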