Cisco Nexus 7000 Series Security Command Reference - Cisco Nexus 7000 Series Command Reference Manual

D Commands
icmp-type [icmp-code]
operator port [port]
(ICMP only: Optional) ICMP message type that the
rule matches. Valid values for the icmp-type argument
are an integer from 0 to 255. If the ICMP message
type supports message codes, you can use the
icmp-code argument to specify the code that the rule
matches.
For more information about ICMP message types and
codes, see http://www.iana.org/assignments/
icmp-parameters .
(Optional; TCP, UDP, and SCTP only) Rule matches
only packets that are from a source port or sent to a
destination port that satisfies the conditions of the
operator and port arguments. Whether these
arguments apply to a source port or a destination port
depends upon whether you specify them after the
source argument or after the destination argument.
The port argument can be the name or the number of
a TCP or UDP port. Valid numbers are integers from
0 to 65535. For listings of valid port names, see "TCP
Port Names" and "UDP Port Names" in the "Usage
Guidelines" section.
A second port argument is required only when the
operator argument is a range.
The operator argument must be one of the following
keywords:
• eq—Matches only if the port in the packet is
equal to the port argument.
• gt—Matches only if the port in the packet is
greater than and not equal to the port argument.
• lt—Matches only if the port in the packet is less
than and not equal to the port argument.
• neq—Matches only if the port in the packet is
not equal to the port argument.
• range—Requires two port arguments and
matches only if the port in the packet is equal
to or greater than the first port argument and
equal to or less than the second port argument.

Cisco Nexus 7000 Series Security Command Reference

deny (IPv6)
251