To remove this filter, you have two choices:
•
•
Parameters
source
mask
any
host ip-address
bit
dscp
operator
port port
214
Access Control Lists (ACL)
Use the no seq sequence-number command if you know the filter's sequence number.
Use the no permit tcp {source mask | any | host ip-address} {destination mask |
any | host ip-address} command.
Enter the IP address of the network or host from which the packets were sent.
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified in
A.B.C.D format, may be either contiguous or non-contiguous.
Enter the keyword any to specify that all routes are subject to the filter.
Enter the keyword host then the IP address to specify a host IP address.
Enter a flag or combination of bits:
•
ack: acknowledgement field
•
fin: finish (no more data from the user)
•
psh: push function
•
rst: reset the connection
•
syn: synchronize sequence numbers
•
urg: urgent field
•
established: datagram of established TCP session
Use the established flag to match only ACK and RST flags of established TCP
session.
You cannot use established along with the other control flags
While using the established flag in an ACL rule, all the other TCP control flags are
masked, to avoid redundant TCP control flags configuration in a single rule. When you use
any TCP control flag in an ACL rule, established is masked and other control flags are
available.
Enter the keyword dscp to deny a packet based on the DSCP value. The range is from 0
to 63.
(OPTIONAL) Enter one of the following logical operand:
•
eq = equal to
•
neq = not equal to
•
gt = greater than
•
lt = less than
•
range = inclusive range of ports (you must specify two ports for the port parameter)
Enter the application layer port number. Enter two port numbers if you are using the
range logical operand. The range is from 0 to 65535.
The following list includes some common TCP port numbers:
•
23 = Telnet
•
20 and 21 = FTP
•
25 = SMTP