Planet IGSW-2840 User Manual page 494

• control-flag – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range:
0-63)
Default Setting
None
Command Mode
Extended ACL
Command Usage
All new rules are appended to the end of the list.
Address bitmasks are similar to a subnet mask, containing four integers from 0 to 255, each separated by a period. The
binary mask uses 1 bits to indicate "match" and 0 bits to indicate "ignore." The bitmask is bitwise ANDed with the 21.
Includes TCP, UDP or other protocol types.
specified source IP address, and then compared with the address for each IP packet entering the port(s) to which this ACL
has been assigned.
• The following control codes may be specified:
-1 (fin) – Finish
-2 (syn) – Synchronize
-4 (rst) – Reset
-8 (psh) – Push
-16 (ack) – Acknowledgement
-32 (urg) – Urgent pointer
To define more than one control code, set the equivalent binary bit to "1" to indicate the
required codes. For Example, to set both SYN and ACK valid, use "control-code 18"
Example
Example
This accepts any incoming packets if the source address is within subnet 10.7.1.x. For
matched; i.e., the rule (10.7.1.0 & 255.255.255.0) equals the masked address (10.7.1.2 & 255.255.255.0), the packet
passes through.
Console(config-ext-acl)# permit 10.7.1.1 255.255.255.0 any
Console(config-ext-acl)#
This allows TCP packets from class C addresses 192.168.1.0 to any destination address when set for destination TCP port
80 (i.e., HTTP).
494
User's Manual of IGSW-2840
Example
, if the rule is