Configuring Access Lists
To apply ACL restrictions to IP, UDP, or ICMP packets:
access-list access-list-number {deny | permit} protocol source [source-wildcard]
[operator [port]] destination [destination-wildcard] [operator [port]]
[tos-extensions] [icmp-type [icmp-code]] [log]
To apply ACL restrictions to TCP packets:
access-list access-list-number {deny | permit} protocol source [source-wildcard]
[operator [port]] destination [destination-wildcard] [operator [port]]
[tos-extensions] [icmp-type [icmp-code]] [established] [log]
no access-list access-list-number [entry]
Parameters
access-list-number
    Specifies an extended access list number. Valid values are from 100 to 199.

insert | replace entry
    (Optional) Inserts this new entry before a specified entry in an existing ACL, or replaces a specified entry with this new entry.

log 1-5000 | all
    Enables syslog logging of hits on ACL entries, either for the specified sequence numbers of ACL entries or for all ACL entries.

move destination source1 source2
    (Optional) Moves a sequence of access list entries before another entry. Destination is the number of the existing entry before which the moved entries will be placed. Source1 is a single entry number or the first entry number in the range to be moved. Source2 (optional) is the last entry number in the range to be moved. If source2 is not specified, only the source1 entry is moved.

deny | permit
    Denies or permits access if the specified conditions are met.

protocol
    Specifies an IP protocol for which to deny or permit access. Valid values and their corresponding protocols are:
    • 0 - 255 - Any IP protocol number, as listed in http://www.iana.org/assignments/protocol-numbers
    • ip - Any Internet protocol
    • icmp - Internet Control Message Protocol
    • udp - User Datagram Protocol
    • tcp - Transmission Control Protocol
    • ah - Authentication Header Protocol
    • esp - Encapsulating Security Payload
    • gre - Generic Routing Encapsulation Protocol

source
    Specifies the network or host from which the packet will be sent. Valid options for expressing source are:
    • IP address or range of addresses (A.B.C.D)
    • any - Any source host
    • host source - IP address of a single source host

source-wildcard
    (Optional) Specifies the bits to ignore in the source address.

24-18 Security Configuration
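The following Python snippet is an added example, not part of the Enterasys manual and not the switch's own logic: it parses entries written in the extended access-list syntax above and evaluates a packet against them, so the wildcard semantics ("set bits are ignored"), the "any" and "host" source forms, the 100-199 number range and an "eq <port>" operator can be checked offline. It assumes that a plain address is always followed by its wildcard and that the list is evaluated first-match with an implicit deny; both are assumptions, not statements from the manual.

```python
# Added example, not from the Enterasys manual: evaluates entries written in the
# extended access-list syntax above. Assumptions: a plain address is always
# followed by its wildcard, and matching is first-match with an implicit deny.
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard'; return (address, wildcard)."""
    tok = tokens.pop(0)
    if tok == "any":
        return 0, 0xFFFFFFFF             # every bit ignored
    if tok == "host":
        return _ip(tokens.pop(0)), 0     # no bits ignored
    return _ip(tok), _ip(tokens.pop(0))  # wildcard: set bits are ignored

def _port(tokens):
    """Consume an optional 'eq <port>' operator (the only operator modelled)."""
    if tokens[:1] == ["eq"]:
        tokens.pop(0)
        return int(tokens.pop(0))
    return None

def parse_entry(line):
    tokens = line.split()
    if tokens[0] != "access-list" or not 100 <= int(tokens[1]) <= 199:
        raise ValueError("expected 'access-list <100-199> ...'")
    action, proto, rest = tokens[2], tokens[3], tokens[4:]
    src = _addr(rest); _port(rest)            # source-side operator parsed, unused
    dst = _addr(rest); dport = _port(rest)    # trailing keywords such as log are ignored
    return {"action": action, "proto": proto, "src": src, "dst": dst, "dport": dport}

def _match(spec, addr):
    base, wild = spec
    return (addr & ~wild) == (base & ~wild)  # compare only the bits not ignored

def evaluate(acl, proto, src, dst, dport=None):
    """Return 'permit' or 'deny' for one packet; falls through to implicit deny."""
    for e in acl:
        if e["proto"] in ("ip", proto) and _match(e["src"], _ip(src)) \
           and _match(e["dst"], _ip(dst)) and e["dport"] in (None, dport):
            return e["action"]
    return "deny"

# Constructed sample ACL using this page's syntax.
SAMPLE_ACL = [parse_entry(l) for l in (
    "access-list 101 permit tcp 10.1.0.0 0.0.255.255 host 192.0.2.10 eq 443",
    "access-list 101 deny udp any any log",
    "access-list 101 permit ip any any",
)]
```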
access-list (extended)