• deny-tcp [disable-port] {any|{source source-wildcard}} {any|source-port} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [flags list-of-flags] [src-port-wildcard source-port-wildcard] [dst-port-wildcard source-port-wildcard]
• deny-udp [disable-port] {any|{source source-wildcard}} {any|source-port} {any|{destination destination-wildcard}} {any|destination-port} [dscp number | ip-precedence number] [src-port-wildcard source-port-wildcard] [dst-port-wildcard source-port-wildcard]
• disable-port — Specifies that the Ethernet interface is disabled if the condition is matched.
• source — Specifies the source IP address of the packet.
• source-wildcard — Specifies wildcard bits to be applied to the source IP address by placing 1s in bit positions to be ignored.
• destination — Specifies the destination IP address of the packet.
• destination-wildcard — Specifies wildcard bits to be applied to the destination IP address by placing 1s in bit positions to be ignored.
• protocol — Specifies the name or the number of an IP protocol. Available protocol names: icmp, igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp, isis. (Range: 0 - 255)
• dscp number — Specifies the DSCP value.
• ip-precedence number — Specifies the IP precedence value.
• icmp-type — Specifies an ICMP message type for filtering ICMP packets. Enter a number or one of the following values: echo-reply, destination-unreachable, source-quench, redirect, alternate-host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip, photuris.
• icmp-code — Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)
• igmp-type — Specifies IGMP packets filtered by IGMP message type. Enter a number or one of the following values: host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-v2, host-report-v3. (Range: 0 - 255)
• destination-port — Specifies the UDP/TCP destination port. (Range: 1 - 65535)
• destination-port-wildcard — Specifies wildcard bits to be applied to the destination port by placing 1s in bit positions to be ignored.
• source-port — Specifies the UDP/TCP source port. (Range: 1 - 65535)
• source-port-wildcard — Specifies wildcard bits to be applied to the source port by placing 1s in bit positions to be ignored.
• flags list-of-flags — Specifies the list of TCP flags. If a flag should be set, it is prefixed by "+". If a flag is not set, it is prefixed by "-". Available options are +urg, +ack, +psh, +rst, +syn, +fin, -urg, -ack, -psh, -rst, -syn and -fin. The flags are concatenated into one string. For example: +fin-ack.
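The wildcard and flags semantics described above, worked through as an added Python example (not code from this manual or from the switch software). It shows why a port wildcard is a bit mask and not a range, and how a concatenated list such as +fin-ack is evaluated. The function names are hypothetical, and it assumes that "-" requires the flag to be clear and that flags not listed are ignored.

```python
import ipaddress
import re

# TCP header flag bits, named as in the list-of-flags options.
TCP_FLAG_BITS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
                 "psh": 0x08, "ack": 0x10, "urg": 0x20}

def wildcard_match(value: int, pattern: int, wildcard: int) -> bool:
    """Bits set to 1 in the wildcard are ignored; all others must equal the pattern."""
    return (value ^ pattern) & ~wildcard == 0

def ip_match(addr: str, pattern: str, wildcard: str) -> bool:
    """Apply wildcard_match to dotted-quad IPv4 strings."""
    to_int = lambda a: int(ipaddress.IPv4Address(a))
    return wildcard_match(to_int(addr), to_int(pattern), to_int(wildcard))

def parse_flags(spec: str) -> tuple[int, int]:
    """Split a concatenated list such as '+fin-ack' into (must_set, must_clear) masks."""
    tokens = re.findall(r"([+-])(urg|ack|psh|rst|syn|fin)", spec)
    if not tokens or "".join(sign + name for sign, name in tokens) != spec:
        raise ValueError(f"malformed flag list: {spec!r}")
    must_set = must_clear = 0
    for sign, name in tokens:
        if sign == "+":
            must_set |= TCP_FLAG_BITS[name]
        else:
            must_clear |= TCP_FLAG_BITS[name]
    if must_set & must_clear:
        raise ValueError(f"flag required both set and clear: {spec!r}")
    return must_set, must_clear

def flags_match(tcp_flags: int, spec: str) -> bool:
    """Assumption: flags not named in the list are 'don't care'."""
    must_set, must_clear = parse_flags(spec)
    return tcp_flags & must_set == must_set and tcp_flags & must_clear == 0

if __name__ == "__main__":
    # Constructed sample values, not taken from the manual.
    print(ip_match("192.168.10.77", "192.168.10.0", "0.0.0.255"))  # whole /24
    # Port 1000 with wildcard 15 ignores the low four bits: it covers
    # 992-1007, not 1000-1015, because 1000 is not aligned on 16.
    print([p for p in range(980, 1020) if wildcard_match(p, 1000, 15)])
    print(flags_match(0x01, "+fin-ack"), flags_match(0x11, "+fin-ack"))
```

When reviewing a deny rule, expand each port wildcard into the set of ports it actually covers, because a misaligned base port silently leaves part of the intended range unfiltered.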
ACL Commands