•
flag [+fin | -fin] [+syn | -syn] [+rst | -rst] [+psh | -psh] [+ack | -ack] [+urg
| -urg] [established]—
the TCP flags.
Ack – Acknowledgement bit
–
Fin – Finished bit
–
–
Psh – push bit
–
Rst – reset bit
–
Syn – Synchronize bit
–
Urg – Urgent bit
–
When "+<tcpflagname>
<tcpflagname> flag is set in the TCP header.
–
When "-<tcpflagname>
<tcpflagname> flag is *NOT* set in the TCP header.
–
When "established
ACK bits are set in the TCP header.
–
This option is visible only if protocol is "tcp".
•
icmp-type
[icmp-type
Specifies a match condition for ICMP packets.
—
–
When icmp-type is specified, IP ACL rule matches on the specified
ICMP message type, a number from 0 to 255.
–
When icmp-code is specified, IP ACL rule matches on the specified
ICMP message code, a number from 0 to 255.
–
Specifying icmp-message implies both icmp-type and icmp-code are
specified.
–
ICMP message is decoded into corresponding ICMP type and ICMP
code within that ICMP type. This option is visible only if the protocol
is "icmp".
–
IPv4 ICMP message types: echo echo-reply host-redirect mobile-
redirect net-redirect net-unreachable redirect packet-too-big port-
unreachable source-quench router-solicitation router-advertisement
time-exceeded ttl-exceeded unreachable
igmp-type —When igmp-type is specified, IP ACL rule matches
•
igmp-type
on the specified IGMP message type (i.e., a number from 0 to 255).
Specifies that the IP/TCP/UDP ACL rule matches on
" is specified, a match occurs if specified
" is specified, a match occurs if specified
" is specified, a match occurs if either the RST or
icmp-code
[icmp-code
icmp-message
] | icmp-message
ACL Commands
]
263