Siemens SCALANCE XM-400 Configuration Manual page 849

You have the following options:
● All incoming and/or outgoing TCP segments are not forwarded.
● Incoming and/or outgoing TCP segments of a specific host are not forwarded.
● Incoming and/or outgoing TCP segments of hosts of a specific subnet are not forwarded.
● Incoming and/or outgoing TCP segments are not forwarded to specific ports.
Note
Processing order of the lists
The access control lists are processed on the interface in the order in which they were
created.
The index number of the access control list is not used for this.
Requirement
You are in the ACL standard configuration mode.
The command prompt is as follows:
cli(config-std-nacl)#
Syntax
Call up the command with the following parameters:
deny tcp {any | host <src-ip-address> | <src-ip-address> <src-mask>} [{ gt <src-port-
number(1-65535)> | lt <src-port-number(1-65535)> | eq src-port-number(1-65535)> |
range <src-port-number (1-65535)> <src-port-number (1-65535)>}] [{any | host <dest-
ip-address> | <dest-ip-address> <dest-mask>}] [{ gt <port-number(1-65535)> | lt
<port-number(1-65535)> | eq <port-number(1-65535)> | range <port-number (1-65535)>
<port-number (1-65535)>}] [dscp<value(0-63)>] [{ack | rst}]
The parameters have the following meaning:
Parameter
any
host
src-ip-address
src-ip-address
src-mask
src-port-number
port-number
gt
lt
SCALANCE XM-400/XR-500 Command Line Interface (CLI)
Configuration Manual, 06/2016, C79000-G8976-C252-11
Description
Blocks all incoming TCP segments
Keyword for a an individual IPv4 ad-
dress
Source IPv4 address
Network source address
Corresponding subnet mask
Port number
Keyword for port numbers higher than
the specified number (gt: greater than).
Keyword for port numbers lower than
the specified number (lt: less than).
Security and authentication
11.4 IP access control list
Range of values / note
-
-
Enter a valid IPv4 address.
Enter a valid combination of IPv4
address and subnet mask.
1 ... 65535
-
-
849