permit tcp
To pass TCP packets meeting the filter criteria, configure a filter.
Z9500
Syntax
permit tcp {source mask | any | host ip-address} [bit]
[operator port [port]] {destination mask | any | host ip-
address} [bit] [dscp] [operator port [port]] [count [bytes]]
[log] [order] [monitor] [fragments]
To remove this filter, you have two choices:
•
•
Parameters
source
mask
any
host ip-address
bit
dscp
operator
Access Control Lists (ACL)
Use the no seq sequence-number command if you know the filter's
sequence number.
Use the no permit tcp {source mask | any | host ip-address}
{destination mask | any | host ip-address} command.
Enter the IP address of the network or host from which the
packets were sent.
Enter a network mask in /prefix format (/x) or A.B.C.D. The
mask, when specified in A.B.C.D format, may be either
contiguous or non-contiguous.
Enter the keyword any to specify that all routes are subject
to the filter.
Enter the keyword host then the IP address to specify a host
IP address.
Enter a flag or combination of bits:
•
ack: acknowledgement field
•
fin: finish (no more data from the user)
•
psh: push function
•
rst: reset the connection
•
syn: synchronize sequence numbers
•
urg: urgent field
Enter the keyword dscp to deny a packet based on the
DSCP value. The range is from 0 to 63.
(OPTIONAL) Enter one of the following logical operand:
•
eq = equal to
•
neq = not equal to
•
gt = greater than
•
lt = less than
•
range = inclusive range of ports (you must specify two
ports for the port parameter)
241