H3C s3100 series Command Manual page 577

Table 1-11 TCP/UDP-specific ACL rule information
Parameters Type
source-port
operator port1 Source port
[ port2 ]
destination-po
Destination
rt operator port1
port
[ port2 ]
TCP
established connection
flag
If TCP or UDP port number is represented by name, you can also define the information listed in
1-12.
Table 1-12 TCP or UDP port values
Type
CHARgen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53),
echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname
TCP (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2
(109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23),
time (37), uucp (540), whois (43), www (80)
biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7),
mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138),
UDP netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap
(162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37),
who (513), xdmcp (177)
If the protocol type is ICMP, you can also define the information listed in
Function
The value of operator can be lt (less than),
gt (greater than), eq (equal to), neq (not
equal to) or range (within the range of).
Only the range operator requires two port
numbers as the operands. The other
Defines the source
operators require only one port number as
port information of
the operand.
UDP/TCP packets
port1 and port2: TCP/UDP port number(s),
expressed as port names or port numbers.
When expressed as numerals, the value
range is 0 to 65535.
With the range operator, the value of port2
does not need to be greater than that of
port1 because the switch can automatically
judge the value range. If the value of port1 is
Defines the
the same as that of port2, the switch will
destination port
convert the operator range to eq.
information of
Note that if you specify a combination of lt 1
UDP/TCP packets
or gt 65534, the switch will convert it to eq 0
or eq 65535.
Specifies that the
rule is applicable
only to the first SYN
TCP-specific argument
segment for
establishing a TCP
connection
Value
1-16
Description
Table 1-13.
Table