Table of Contents
Advertisement
permit, deny (Extended ACL)
This command adds a rule to an Extended IP ACL. The rule sets a filter
condition for packets with specific source or destination IP addresses, protocol
types, or source or destination protocol ports. Use the no form to remove a
rule.
Syntax
[no] {permit | deny} [protocol-number | udp]
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[source-port sport [end]] [destination-port dport [end]]
[no] {permit | deny} tcp
{any | source address-bitmask | host source}
{any | destination address-bitmask | host destination}
[source-port sport [end]] [destination-port dport [end]]
• protocol-number – A specific protocol number. (Range: 0-255)
• source – Source IP address.
• destination – Destination IP address.
• address-bitmask – Decimal number representing the address bits to match.
• host – Keyword followed by a specific IP address.
• sport – Protocol
• dport – Protocol
• end – Upper bound of the protocol port range. (Range: 0-65535)
Default Setting
None
Command Mode
Extended ACL
Command Usage
• All new rules are appended to the end of the list.
• Address bitmasks are similar to a subnet mask, containing four integers from
0 to 255, each separated by a period. The binary mask uses 1 bits to indicate
"match" and 0 bits to indicate "ignore." The bitmask is bitwise ANDed with the
specified source IP address, and then compared with the address for each IP
packet entering the port(s) to which this ACL has been assigned.
15. Includes TCP, UDP or other protocol types.
15
source port number. (Range: 0-65535)
15
destination port number. (Range: 0-65535)
www.digisol.com
DG-FS4526 User Manual
4
4-125
Hide quick links:
Advertisement
Table of Contents
