Table of Contents
Advertisement
Parameters
Function
operator port1
more UDP or TCP
[ port2 ]
source ports.
destination-port
Specifies one or
operator port1
more UDP or TCP
[ port2 ]
destination ports.
{ ack ack-value |
Specifies one or
fin fin-value |
more TCP flags,
psh psh-value |
including ACK, FIN,
rst rst-value |
PSH, RST, SYN, and
syn syn-value |
URG.
urg urg-value } *
Specifies the flags
for indicating the
established
established status of
a TCP connection.
If the protocol argument is icmpv6 (58), set the parameters shown in
Table 13 ICMPv6-specific parameters for IPv6 advanced ACL rules
Parameters
icmp6-type
{ icmp6-type
icmp6-code |
icmp6-message }
Table 14 ICMPv6 message names supported in IPv6 advanced ACL rules
ICMPv6 message name
echo-reply
echo-request
err-Header-field
frag-time-exceeded
hop-limit-exceeded
host-admin-prohib
host-unreachable
Description
eq (equal to), neq (not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in
the range of 0 to 65535. The port2 argument is needed only
when the operator argument is range.
TCP port numbers can be represented as: chargen (19), cmd
(514), daytime (13), discard (9), dns (53), domain (53), echo
(7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70),
hostname (101), irc (194), klogin (543), kshell (544), login
(513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp
(25), sunrpc (111), tacacs (49), talk (517), telnet (23), time
(37), uucp (540), whois (43), and www (80).
UDP port numbers can be represented as: biff (512), bootpc
(68), bootps (67), discard (9), dns (53), dnsix (90), echo (7),
mobilip-ag (434), mobilip-mn (435), nameserver (42),
netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp
(123), rip (520), snmp (161), snmptrap (162), sunrpc (111),
syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37),
who (513), and xdmcp (177).
Parameters specific to TCP.
The value for each argument can be 0 (flag bit not set) or 1 (flag
bit set).
The TCP flags in a rule are ANDed. For example, a rule
configured with ack 0 psh 1 matches packets that have the ACK
flag bit not set and the PSH flag bit set.
Parameter specific to TCP.
The rule matches TCP packets with the ACK or RST flag bit set.
Function
Specifies the ICMPv6
message type and
code.
ICMPv6 message type
129
128
4
3
3
1
1
27
Description
The icmp6-type argument is in the range of 0 to 255.
The icmp6-code argument is in the range of 0 to 255.
The icmp6-message argument specifies a message
name. Supported ICMP message names and their
corresponding type and code values are listed in
14.
Table
13.
ICMPv6 message code
0
0
0
1
0
1
3
Table
Advertisement
Chapters
Table of Contents
