ADTRAN AOS Version R10.1.0 Command Reference Manual page 3197

Adtran operating system (aos)

Command Reference Guide
allow reverse list
Use the allow reverse list command to specify an Internet Protocol version 6 (IPv6) access control list
(ACL) to determine which packets are allowed to enter the interface to which the IPv6 access control
policy (ACP) is assigned, and create a firewall association in the IPv6 firewall. The allow reverse list
command is identical in function to the allow list command with the exception of the reverse keyword.
The reverse keyword instructs the firewall to use the source information as the destination information and
vice versa when attempting matches against the specified IPv6 ACL. Variations of this command include:
allow reverse list <ipv6 acl name>
allow reverse list <ipv6 acl name> policy <ipv6 acp name>
allow reverse list <ipv6 acl name> policy <ipv6 acp name> stateless
allow reverse list <ipv6 acl name> self
allow reverse list <ipv6 acl name> self stateless
allow reverse list <ipv6 acl name> stateless
Syntax Description
<ipv6 acl name>
    Specifies the IPv6 ACL against which to check traffic before allowing
    packets to enter the interface. All packets not matched by the ACL will be
    processed by the next IPv6 ACP entry or implicitly discarded if no further
    ACP entries exist.
policy <ipv6 acp name>
    Optional. Specifies the destination IPv6 ACP against which to match traffic.
    The firewall attempts to match the specified ACP with the ACP that is
    applied to the packet's egress interface as determined by the routing table.
    If there is a match, the firewall attempts to match the ACL next. If there is no
    match, the firewall will process the packet based on the next ACP entry or
    implicitly discard it if no further ACP entries exist.
self
    Optional. Allows packets to pass that are permitted by the IPv6 ACL and
    destined for any local interface on the unit. These packets are terminated by
    the unit and are not routed or forwarded to other destinations. Using the
    self keyword is helpful when opening up remote administrative access to
    the unit (Telnet, secure shell (SSH), Internet Control Message Protocol
    (ICMP)).
stateless
    Optional. Enables bypassing of built-in firewall timers. A stateless policy
    session will time out, but because it does not perform stateful attack
    checking, a new policy session for existing connections can be easily
    recreated. Use for trusted traffic or traffic that the firewall is incorrectly
    blocking as a perceived attack.
Default Values
By default, all AOS IPv6 security features are disabled and there are no configured IPv6 ACP entries.
Command History
Release 18.1
    Command was introduced.
60000CRG0-35E
Copyright © 2012 ADTRAN, Inc.
IPv6 Access Control Policy Command Set
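
The following Python model is an added example, not ADTRAN code or AOS configuration. It walks an ACP's allow entries as described above, limited to the reverse and policy keywords, and shows the fall-through to the next entry and the implicit discard. The ACL is reduced to source/destination prefix pairs, and the addresses and ACP names are constructed for illustration.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network
from typing import Optional


@dataclass
class AllowEntry:
    acl: list                      # permit rules as (src_prefix, dst_prefix) pairs
    reverse: bool = False          # True models "allow reverse list"
    policy: Optional[str] = None   # models the optional "policy <ipv6 acp name>"


def acl_matches(acl, src, dst):
    """True if any ACL rule covers this source/destination pair."""
    return any(
        ip_address(src) in ip_network(s) and ip_address(dst) in ip_network(d)
        for s, d in acl
    )


def evaluate(entries, src, dst, egress_acp):
    """Return 'allow' or 'discard' for a packet entering the interface."""
    for entry in entries:
        # policy keyword: the ACP on the egress interface is compared first.
        if entry.policy is not None and entry.policy != egress_acp:
            continue  # no match, move on to the next ACP entry
        # reverse keyword: the packet's source is matched against the ACL's
        # destination field and the packet's destination against its source.
        a, b = (dst, src) if entry.reverse else (src, dst)
        if acl_matches(entry.acl, a, b):
            return "allow"
    return "discard"  # no further entries: implicit discard


# Constructed sample ACL, written from the LAN side (documentation prefixes).
LAN_TO_SERVER = [("2001:db8:1::/64", "2001:db8:2::10/128")]
HOST, SERVER = "2001:db8:1::5", "2001:db8:2::10"

if __name__ == "__main__":
    rev = [AllowEntry(LAN_TO_SERVER, reverse=True, policy="Private")]
    print(evaluate(rev, SERVER, HOST, "Private"))  # server-to-LAN direction
    print(evaluate(rev, HOST, SERVER, "Private"))  # LAN-to-server direction
```

The same ACL therefore serves both sides: a plain allow entry matches traffic in the direction the ACL was written, and a reverse entry on the opposite ACP matches only the mirrored direction.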