D-Link DWS-1008 Cli Reference Manual page 280

DWS-1008 CLI Reference Guide
You cannot perform ACL functions that include permitting, denying, or marking with
a Class of Service (CoS) level on packets with a multicast or broadcast destination
address.
The order of security ACEs in a security ACL is important. Once an ACL is active, its
ACEs are checked according to their order in the ACL. If an ACE criterion is met, its
action takes place and any ACEs that follow are ignored.
ACEs are listed in the order in which you create them, unless you move them.To position security
ACEs within a security ACL, use before editbuffer-index and modify editbuffer-index.
Examples: The following command adds an ACE to security acl_123 that permits packets
from IP address 192.168.1.11/24 and counts the hits:
DWS-1008# set security acl ip acl_123 permit 192.168.1.11 0.0.0.255 hits
The following command adds an ACE to acl_123 that denies packets from IP address
192.168.2.11:
DWS-1008# set security acl ip acl_123 deny 192.168.2.11 0.0.0.0
The following command creates acl_125 by defining an ACE that denies TCP packets
from source IP address 192.168.0.1 to destination IP address 192.168.0.2 for established
sessions only, and counts the hits:
DWS-1008# set security acl ip acl_125 deny tcp 192.168.0.1 0.0.0.0 192.168.0.2
0.0.0.0 established hits
The following command adds an ACE to acl_125 that denies TCP packets from source IP
address 192.168.1.1 to destination IP address 192.168.1.2, on destination port 80 only,
and counts the hits:
DWS-1008# set security acl ip acl_125 deny tcp 192.168.1.1 0.0.0.0 192.168.1.2
0.0.0.0 eq 80 hits
Finally, the following command commits the security ACLs in the edit buffer to the
configuration:
DWS-1008# commit security acl all
configuration accepted
D-Link Systems, Inc.
Security ACL Commands
279