ADTRAN AOS Version R10.1.0 Command Reference Manual page 3147

Command Reference Guide
IPv4 Access Control Policy Command Set
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.

allow list

Use the allow list command to specify an Internet Protocol version 4 (IPv4) access control list (ACL) to
determine which packets are allowed to enter the interface to which the IPv4 access control policy (ACP)
is assigned, and create a firewall association in the firewall. All associations created by the allow list
command are subject to the built-in firewall timers (refer to ip policy-timeout on page 1063). Variations of
this command include:

allow list <ipv4 acl name>
allow list <ipv4 acl name> policy <ipv4 acp name>
allow list <ipv4 acl name> policy <ipv4 acp name> stateless
allow list <ipv4 acl name> self
allow list <ipv4 acl name> self stateless
allow list <ipv4 acl name> stateless

Syntax Description

<ipv4 acl name>
    Specifies the IPv4 ACL against which to check traffic before allowing
    packets to enter the interface. All packets not matched by the IPv4 ACL will
    be processed by the next IPv4 ACP entry or implicitly discarded if no further
    IPv4 ACP entries exist.

policy <ipv4 acp name>
    Optional. Specifies the destination IPv4 ACP against which to match traffic.
    The firewall attempts to match the specified IPv4 ACP with the IPv4 ACP
    that is applied to the packet's egress interface as determined by the routing
    table or policy-based routing configuration. If there is a match, the firewall
    will process the packet. If there is no match, the firewall will process the
    packet based on the next IPv4 ACP entry or implicitly discard it if no further
    IPv4 ACP entries exist.

self
    Optional. Allows packets to pass that are permitted by the IPv4 ACL and
    destined for any local interface on the unit. These packets are terminated by
    the unit and are not routed or forwarded to other destinations. Using the
    self keyword is helpful when opening up remote administrative access to
    the unit (Telnet, secure shell (SSH), Internet Control Message Protocol
    (ICMP), Web-based graphical user interface (GUI)).

stateless
    Optional. Enables bypassing of stateful firewall processing and
    application-level gateways (ALGs). Use for trusted traffic or traffic that the
    firewall is incorrectly blocking as a perceived attack. Stateless processing is
    helpful when passing traffic over virtual private network (VPN) tunnels.
    Traffic sent over VPN tunnels is purposely selected and encrypted; there is
    no need for additional inspection of the traffic by the firewall. VPN
    configurations created using the VPN Wizard in the GUI use stateless
    processing by default.

Default Values

By default, all AOS security features are disabled and there are no configured IPv4 ACP entries.
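
The entry-by-entry matching described in the Syntax Description, as a simplified Python model for reasoning about which allow list entry admits a packet. This is an added example, not ADTRAN code; the toy ACL, the ACP and ACL names, the addresses, and the rule that only self entries admit traffic addressed to the unit are assumptions.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

@dataclass
class Acl:
    """Toy stand-in for an IPv4 ACL: one permit rule on source prefix and TCP port."""
    src: str
    dport: Optional[int] = None        # None means any destination port

    def matches(self, pkt: dict) -> bool:
        in_src = ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(self.src)
        return in_src and self.dport in (None, pkt["dport"])

@dataclass
class Allow:
    """One 'allow list' entry of an ACP, with the keywords from the syntax table."""
    acl: Acl
    policy: Optional[str] = None       # policy <ipv4 acp name>
    to_self: bool = False              # self
    stateless: bool = False            # stateless

def evaluate(entries, pkt, local_addrs, egress_acp):
    """Walk the ACP entries in order and return the verdict for one inbound packet."""
    local = pkt["dst"] in local_addrs
    for e in entries:
        if not e.acl.matches(pkt):
            continue                   # not matched by the ACL: try the next entry
        if e.to_self != local:
            continue                   # assumption: only 'self' entries admit traffic to the unit
        if e.policy is not None and e.policy != egress_acp:
            continue                   # egress interface's ACP is not the one named
        return "allow-stateless" if e.stateless else "allow-stateful"
    return "discard"                   # implicit discard: no further entries exist

# Constructed sample: an ACP applied to a WAN interface (names and addresses hypothetical).
LOCAL = {"203.0.113.1"}
WAN_ACP = [
    Allow(Acl("198.51.100.0/24", 22), to_self=True),              # allow list MGMT self
    Allow(Acl("10.8.0.0/16"), policy="Private", stateless=True),  # allow list VPN policy Private stateless
    Allow(Acl("0.0.0.0/0", 443), policy="DMZ"),                   # allow list WEB policy DMZ
]

def verdict(src, dst, dport, egress_acp=None):
    """Evaluate one constructed packet against WAN_ACP."""
    return evaluate(WAN_ACP, {"src": src, "dst": dst, "dport": dport}, LOCAL, egress_acp)
```

Restricting the ACL behind a self entry to a management prefix, as in the first sample entry, keeps administrative access to the unit closed to every other source through the implicit discard.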
