HP E4510-48G Command Reference Manual page 833


Table 14-5 TCP/UDP-specific parameters for advanced IPv4 ACL rules

Parameters: source-port operator port1 [ port2 ]
Function: Specifies one or more UDP or TCP source ports.

Parameters: destination-port operator port1 [ port2 ]
Function: Specifies one or more UDP or TCP destination ports.

Description (source-port and destination-port):
The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in the range 0 to 65535. port2 is needed only when the operator argument is range.
TCP port numbers can be represented by these keywords: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80).
UDP port numbers can be represented by these keywords: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177).
With the range operator, the value of port2 does not need to be greater than that of port1, because the switch determines the value range automatically. If the two values are the same, the switch converts the operator range to eq.
Note that if you specify lt 1 or gt 65534, the switch converts it to eq 0 or eq 65535, respectively.

Parameters: { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } *
Function: Specifies one or more TCP flags.
Description: Parameters specific to TCP. The value for each argument can be 0 or 1. If multiple TCP flags are specified in the rule, they are in the AND relation.

Parameters: established
Function: Specifies TCP flags ACK and RST.
Description: With the keyword, the rule applies to packets with the value of the ACK or RST flag being 1.

If you set the protocol argument to icmp, you can define the parameters shown in Table 14-6.
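The following Python model is an added example, not code from the manual or the switch. It works through the Table 14-5 rules for port operators (range ordering, range collapsing to eq, the lt 1 and gt 65534 conversions) and for TCP flag matching. All function names, the tuple form of a normalized match, and the sample packets are assumptions made for illustration.

```python
# Added example: model of the Table 14-5 semantics. Names are hypothetical.
FLAGS = ("ack", "fin", "psh", "rst", "syn", "urg")

def normalize_port_match(operator, port1, port2=None):
    """Reduce an operator/port pair to the form the table says the switch uses."""
    for p in (port1, port2):
        if p is not None and not 0 <= p <= 65535:
            raise ValueError(f"port {p} outside 0-65535")
    if operator == "range":
        if port2 is None:
            raise ValueError("range needs port2")
        lo, hi = sorted((port1, port2))        # port2 may be lower than port1
        return ("eq", lo) if lo == hi else ("range", lo, hi)
    if operator not in ("lt", "gt", "eq", "neq"):
        raise ValueError(f"unknown operator {operator!r}")
    if (operator, port1) == ("lt", 1):         # only port 0 is below 1
        return ("eq", 0)
    if (operator, port1) == ("gt", 65534):     # only port 65535 is above 65534
        return ("eq", 65535)
    return (operator, port1)

def port_matches(match, port):
    """Test a packet port against a normalized match tuple."""
    op, a, *rest = match
    if op == "range":
        return a <= port <= rest[0]            # range is inclusive
    return {"eq": port == a, "neq": port != a,
            "lt": port < a, "gt": port > a}[op]

def flags_match(rule_flags, pkt_flags):
    """Every flag named in the rule must have the given value (AND relation)."""
    if any(f not in FLAGS or v not in (0, 1) for f, v in rule_flags.items()):
        raise ValueError("flags take the value 0 or 1")
    return all(pkt_flags.get(f, 0) == v for f, v in rule_flags.items())

def established_matches(pkt_flags):
    """'established' is a flag test: ACK or RST set to 1."""
    return pkt_flags.get("ack", 0) == 1 or pkt_flags.get("rst", 0) == 1

# Constructed sample packets (TCP flag bits only).
SYN_ONLY = {"syn": 1}
SYN_ACK = {"syn": 1, "ack": 1}
BARE_ACK = {"ack": 1}

if __name__ == "__main__":
    print(normalize_port_match("range", 1024, 80))      # ('range', 80, 1024)
    print(flags_match({"syn": 1, "ack": 0}, SYN_ACK))   # False
    print(established_matches(BARE_ACK))                # True
```

In this model a packet with only ACK set satisfies established, because the keyword as described in the table tests flag bits rather than connection state; keep that in mind when reviewing rules that rely on it.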
