resources group port-group <group-name>
Defines a group of ports that are referenced in firewall rules.
- port-group port-group-name
  Matches the destination port of packets against the specified port group. The packet is considered a match if it matches any port name or number specified in the group. Only one port group may be specified. The port group must already be defined. A packet is considered a match for an address, a network, or a port group if it matches any host IP address, network address, or port name or number, respectively, in the group. However, if more than one group is specified, the packet must be a match for both groups in order to be considered a match. For example, if an address group and a port group are both specified, the packet's destination must match at least one item in the address group and at least one item in the port group.
- description description
  Provides a brief description for the port group.
- port [ name | 1-65535 | start - end ]
  Specifies the port group parameters.
  - port-name
    Matches the name of an IP service; for example, http. You can specify any service name in the file /etc/services.
  - port-num
    Matches a port number. The range is 1 through 65535.
  - start-end
    Matches the specified range of ports; for example, 1001-1005.
Configuration mode
resources {
    group {
        port-group group-name {
            port name
            description desc
        }
    }
}
Use this command to define a port group. A port group is a collection of ports that, once defined, can be collectively referenced within a firewall command.
A port group is considered matched if the packet's destination port matches any port name, number, or range within the group.
Use the set form of this command to define a port group.
Use the delete form of this command to remove a port group or its members.
Use the show form of this command to view the configuration of a port group.
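The matching rules described above (any member within a group, every group across a rule) can be checked offline before a group is referenced in a firewall rule. The following Python sketch is an added example, not part of the original documentation or the router's own code; the `SERVICES` table is a constructed stand-in for /etc/services, the group names and members are hypothetical, and address groups are assumed to hold only host addresses and networks.

```python
import ipaddress

# Constructed stand-in for /etc/services (name -> port number).
SERVICES = {"ssh": 22, "smtp": 25, "http": 80, "https": 443}

# Constructed sample groups; the names and members are hypothetical.
WEB_PORTS = ["http", "https", "8080-8083"]
DMZ_HOSTS = ["192.0.2.10", "198.51.100.0/24"]


def parse_port_member(member, services=SERVICES):
    """Return (low, high) for one member: service name, number, or start-end."""
    member = member.strip()
    if member in services:  # names first, since some service names contain '-'
        return services[member], services[member]
    low, sep, high = member.partition("-")
    if not low.isdecimal() or (sep and not high.isdecimal()):
        raise ValueError(f"unknown service name or malformed port: {member!r}")
    lo, hi = int(low), (int(high) if sep else int(low))
    if not 1 <= lo <= hi <= 65535:
        raise ValueError(f"outside 1-65535 or reversed range: {member!r}")
    return lo, hi


def port_group_matches(members, dport):
    """Any-of: the destination port needs to hit only one member."""
    ranges = [parse_port_member(m) for m in members]  # validate every member
    return any(lo <= dport <= hi for lo, hi in ranges)


def address_group_matches(members, daddr):
    """Any-of over host addresses and networks (a host is treated as a /32)."""
    ip = ipaddress.ip_address(daddr)
    return any(ip in ipaddress.ip_network(m, strict=False) for m in members)


def rule_matches(address_group, port_group, daddr, dport):
    """All-of across groups: the packet must match both groups."""
    return (address_group_matches(address_group, daddr)
            and port_group_matches(port_group, dport))


def exposed_ports(members):
    """Every port number the group admits, for reviewing how wide it is."""
    return sorted({p for m in members
                   for lo, hi in [parse_port_member(m)]
                   for p in range(lo, hi + 1)})


if __name__ == "__main__":
    print(exposed_ports(WEB_PORTS))
    print(rule_matches(DMZ_HOSTS, WEB_PORTS, "198.51.100.7", 8081))
```

Running `exposed_ports` over a group before committing it shows exactly how many ports a range member opens, which is easy to misjudge from the configuration text alone.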