ADTRAN AOS Version R10.1.0 Command Reference Manual page 3195

Command Reference Guide
allow list
Use the allow list command to specify an Internet Protocol version 6 (IPv6) access control list (ACL) to
determine which packets are allowed to enter the interface to which the IPv6 access control policy (ACP)
is assigned, and create a firewall association in the IPv6 firewall. All associations created by the allow list
command are subject to the built-in firewall timers. Variations of this command include:
allow list <ipv6 acl name>
allow list <ipv6 acl name> policy <ipv6 acp name>
allow list <ipv6 acl name> policy <ipv6 acp name> stateless
allow list <ipv6 acl name> self
allow list <ipv6 acl name> self stateless
allow list <ipv6 acl name> stateless
Syntax Description
<ipv6 acl name>
policy <ipv6 acp name>
self
stateless
Default Values
By default, all AOS IPv6 security features are disabled and there are no configured IPv6 ACP entries.
Command History
Release 18.1
60000CRG0-35E
Specifies the IPv6 ACL against which to check traffic before allowing
packets to enter the interface. All packets not matched by the IPv6 ACL will
be processed by the next IPv6 ACP entry or implicitly discarded if no further
ACP entries exist.
Optional. Specifies the destination IPv6 ACP against which to match traffic.
The IPv6 firewall attempts to match the specified ACP with the ACP that is
applied to the packet's egress interface as determined by the routing table.
If there is a match, the firewall attempts to match the ACL next. If there is no
match, the firewall will process the packet based on the next ACP entry or
implicitly discard it if no further ACP entries exist.
Optional. Allows packets to pass that are permitted by the IPv6 ACL and
destined for any local interface on the unit. These packets are terminated by
the unit and are not routed or forwarded to other destinations. Using the
self keyword is helpful when opening up remote administrative access to
the unit (Telnet, secure shell (SSH), Internet Control Message Protocol
(ICMP)).
Optional. Enables bypassing of built-in firewall timers. A stateless policy
session will time out, but because it does not perform stateful attack
checking, a new policy session for existing connections can be easily
recreated. Use for trusted traffic or traffic that the firewall is incorrectly
blocking as a perceived attack.
Command was introduced.
Copyright © 2012 ADTRAN, Inc.
IPv6 Access Control Policy Command Set
3195