ADTRAN AOS Version R10.1.0 Command Reference Manual page 3130

Command Reference Guide
deny <protocol> <source> <source port> <destination> <destination port>
Use the deny command to configure the Internet Protocol version 4 (IPv4) extended access control list
(ACL) to deny specified packets entry into the routing system. Use the no form of this command to remove
the deny parameter from the ACL. Variations of this command include:
deny <protocol> <source> <source port> <destination> <destination port>
deny <protocol> <source> <source port> <destination> <destination port> log
deny <protocol> <source> <source port> <destination> <destination port> track <name>
Syntax Description

<protocol>      Specifies the data protocol ip, icmp, tcp, udp, ahp, esp, gre, or a specific
                protocol. Range is 0 to 255.

<source>        Specifies the source used for packet matching. Sources can be expressed in
                one of four ways:
                1. Using the keyword any to match any IPv4 address.
                2. Using host <ip address> to specify a single host address. IPv4 addresses
                   should be expressed in dotted decimal notation (for example, 10.10.10.1).
                3. Using the <ip address> <wildcard mask> format to match all IPv4
                   addresses in a range. The wildcard mask corresponds to a range of IPv4
                   addresses (network) or a specific host. Wildcard masks are expressed in
                   dotted decimal notation (for example, 0.0.0.255).
                4. Using the keyword hostname <hostname> to match based on a DNS
                   name. The unit must be configured with DNS servers for this function to
                   work. Using vrf <name> in conjunction with the hostname parameter
                   associates a nondefault VRF with the DNS host name for the source. The
                   VRF is required if the router's DNS server is on a nondefault VRF. This
                   parameter can only be used with the hostname source.

<source port>   Optional. The source port is used only when <protocol> is tcp or udp. The
                following keywords and port numbers/names are supported for the
                <source port> field:

                any                             Matches any destination port.
                eq <port number/name>           Matches only packets equal to specified
                                                port number.
                gt <port number/name>           Matches only packets with a port number
                                                greater than the specified port number.
                lt <port number/name>           Matches only packets with a port number
                                                less than the specified port number.
                neq <port number/name>          Matches only packets that are not equal
                                                to the specified port number.
                range <begin port number/name>  Matches only packets that contain a port
                <end port number/name>          number in the specified range.

IPv4 Access Control List Command Set    60000CRG0-35E    Copyright © 2012 ADTRAN, Inc.
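The following is an added example, not taken from the ADTRAN manual or from AOS itself, that models how the <protocol>, <source> and <source port> fields described above select packets, so that a deny entry can be checked against sample traffic before it is applied. It assumes the conventional wildcard-mask meaning (1 bits are ignored), an inclusive range, and that ip selects every IPv4 packet; hostname sources, named ports and the destination fields are left out, and the function names are hypothetical.

```python
import ipaddress
import operator

PORT_OPS = {"eq": operator.eq, "gt": operator.gt, "lt": operator.lt, "neq": operator.ne}

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def source_matches(spec, addr):
    """spec is 'any', 'host <ip>' or '<ip> <wildcard mask>'."""
    parts = spec.split()
    if parts == ["any"]:
        return True
    if parts[0] == "host":
        return _ip(addr) == _ip(parts[1])
    base, wildcard = _ip(parts[0]), _ip(parts[1])
    # Assumption: a 1 bit in the wildcard mask means "ignore this address bit".
    care = ~wildcard & 0xFFFFFFFF
    return (_ip(addr) & care) == (base & care)

def port_matches(spec, port):
    """spec is 'any', 'eq N', 'gt N', 'lt N', 'neq N' or 'range A B' (numbers only)."""
    op, *args = spec.split()
    nums = [int(a) for a in args]
    if op == "any":
        return True
    if op == "range":  # assumption: both end points are included
        return nums[0] <= port <= nums[1]
    if op in PORT_OPS:
        return PORT_OPS[op](port, nums[0])
    raise ValueError(f"unsupported port keyword: {op}")

def deny_matches(rule, pkt):
    """True if the packet is selected by the protocol/source/source-port fields."""
    # Assumption: protocol 'ip' selects every IPv4 packet.
    if rule["protocol"] not in ("ip", pkt["protocol"]):
        return False
    if not source_matches(rule["source"], pkt["src"]):
        return False
    if rule["protocol"] in ("tcp", "udp"):  # source port applies only to tcp/udp
        return port_matches(rule.get("source_port", "any"), pkt["sport"])
    return True

# Constructed sample, modelling: deny tcp 10.10.10.0 0.0.0.255 gt 1023 ...
RULE = {"protocol": "tcp", "source": "10.10.10.0 0.0.0.255", "source_port": "gt 1023"}
if __name__ == "__main__":
    for sport in (80, 40000):
        pkt = {"protocol": "tcp", "src": "10.10.10.77", "sport": sport}
        print(sport, deny_matches(RULE, pkt))
```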
