Advertisement
deny tcp
e
Syntax
Parameters
Defaults
Command Modes
Related
Commands
1324
|
Security
Configure a filter that drops TCP packets meeting the filter criteria.
deny tcp {source address mask | any | host ip-address} [operator port [port]]
{destination mask | any | host ip-address} [operator port [port]] [count [byte]] | log] [order
number]
To remove this filter, you have two choices:
•
Use the no seq sequence-number command syntax if you know the filter's sequence number
or
•
Use the no deny tcp {source mask | any | host ip-address} {destination mask | any | host
ip-address} command.
source
Enter the IP address of the network or host from which the packets were sent.
mask
(OPTIONAL) Enter a network mask in /prefix format (/x).
any
Enter the keyword
host ip-address
Enter the keyword
operator
(OPTIONAL) Enter one of the following logical operand:
eq
•
neq
•
gt
•
lt
•
range
•
command parameter.)
port port
Enter the application layer port number. Enter two port numbers if using the range
logical operand.
Range: 0 to 65535.
The following list includes some common TCP port numbers:
•
23 = Telnet
•
20 and 21 = FTP
•
25 = SMTP
•
169 = SNMP
destination
Enter the IP address of the network or host to which the packets are sent.
count
(OPTIONAL) Enter the keyword
byte
(OPTIONAL) Enter the keyword
log
(OPTIONAL) Enter the keyword
file.
order number
(OPTIONAL) Enter the keyword
order number.
Not configured.
TRACE LIST
deny
Assign a trace list filter to deny IP traffic.
deny udp
Assign a trace list filter to deny UDP traffic.
any
to specify that all routes are subject to the filter.
host
followed by the IP address to specify a host IP address.
= equal to
= not equal to
= greater than
= less than
= inclusive range of ports (you must specify two ports for the
count
byte
log
order
to count packets processed by the filter.
to count only bytes processed by the filter.
to have the information kept in a Trace-list log
followed by a number from 0 to 7 as the
port
Advertisement
