Egress-Acl Extend Rule Type-Tcp - Zte ZXR10 2900E Series Command Reference Manual

ZXR10 2900E Series Command Reference
Guidelines
The IP rule can match IPv4 packets with specified source IP addresses, any source IP
address, specified destination IP addresses, any destination IP address, DSCP fields, or
IP fragment fields.

4.13.52 egress-acl extend rule type-tcp

Purpose
This command sets the rule that the extended egress ACL is used to match TCP message.
Command Mode
Extended egress ACL configuration mode
Syntax
rule <1-500>{permit | deny} tcp {<source-ipaddr><sip-mask>| any}[source-port <0-65535><s
port-mask>]{<destination-ipaddr><dip-mask>| any}[dest-port <0-65535><dport-mask>][establ
ishing | established][dscp <0-63>][fragment]
Parameter Description
Parameter
<1-500>
permit
deny
tcp
<source-ipaddr>
<sip-mask>
any (first)
source-port <0-65535>
<sport-mask>
<destination-ipaddr>
SJ-20130731155059-003|2013-11-27 (R1.0)
Description
Rule number.
If the condition matches, access is permitted.
If the condition matches, access is denied.
This rule only matches TCP message. Non-TCP message ignores
this rule.
IP address of the source network or host transmitting packets. It is
a 32-bit IP address expressed in dotted decimal notation.
Source mask used for sources. It is a 32-bit IP address expressed
in dotted decimal notation.
The any keyword is used as the abbreviation of the source 0.0.0.0
and the source mask 0.0.0.0.
TCP source port number of the transmitted packet
The parameters of source-port can resolve the some known port
numbers. Also the port number and mask can be directly inputted.
Source port number mask
Destination network or host of the transmitted packet. It is a 32-bit
IP address expressed in dotted decimal notation.
4-264
ZTE Proprietary and Confidential