Cisco Nexus 7000 Series Security Command Reference - Cisco Nexus 7000 Series Command Reference Manual

deny (IPv4)
operator port [port]
portgroup portgroup

Cisco Nexus 7000 Series Security Command Reference

234
(Optional; TCP and UDP only) Rule matches only
packets that are from a source port or sent to a
destination port that satisfies the conditions of the
operator and port arguments. Whether these
arguments apply to a source port or a destination port
depends upon whether you specify them after the
source argument or after the destination argument.
The port argument can be the name or the number of
a TCP or UDP port. Valid numbers are integers from
0 to 65535. For listings of valid port names, see "TCP
Port Names" and "UDP Port Names" in the "Usage
Guidelines" section.
A second port argument is required only when the
operator argument is a range.
The operator argument must be one of the following
keywords:
• eq—Matches only if the port in the packet is
equal to the port argument.
• gt—Matches only if the port in the packet is
greater than and not equal to the port argument.
• lt—Matches only if the port in the packet is less
than and not equal to the port argument.
• neq—Matches only if the port in the packet is
not equal to the port argument.
• range—Requires two port arguments and
matches only if the port in the packet is equal
to or greater than the first port argument and
equal to or less than the second port argument.
(Optional; TCP and UDP only) Specifies that the rule
matches only packets that are from a source port or
to a destination port that is a member of the IP port
object group specified by the portgroup argument,
which can be up to 64 alphanumeric, case-sensitive
characters. Whether the IP port object group applies
to a source port or a destination port depends upon
whether you specify it after the source argument or
after the destination argument.
Use the object-group ip port command to create and
change IP port object groups.
D Commands