Deny - Motorola RFS7000 Series Reference Manual

14.1.2 deny

Extended ACL Config Commands
Use this command to specify packets to reject.
Syntax
deny(icmp|ip|tcp|udp)
deny {ip} {source/source-mask | host source | any} {destination/destination-mask
| host destination | any} [log] [rule-precedence access-list-entry precedence]
deny {icmp} {source/source-mask | host source | any} {destination/ destination-
mask | host destination | any} [icmp-type | [icmp-type icmp-code]] [log] [rule-
precedence access-list-entry precedence]
deny {tcp|udp} {source/source-mask | host source | any} [operator source-port]
{destination/destination-mask | host destination | any} [operator destination-
port] [log] [rule-precedence access-list-entry precedence]
Parameters
deny {ip} {source/source-
mask | host source | any}
{destination/destination-
mask | host destination |
any} [log] [rule-
precedence access-list-
entry precedence]
Use with a command to reject IP packets.
deny
• deny – The keyword specifies deny action on an ACL.
• {ip} – Specifies IP (to match any protocol).
• {source/source-mask | host source | any} – The keyword source is the
source IP address of the network or host in dotted decimal format. Source-
mask is the network mask. For example, 10.1.1.10/24 indicates the first 24
bits of the source IP are used for matching.
• any is an abbreviation for a source IP of 0.0.0.0 and source-mask bits
equal to 0.
• host is an abbreviation for exact source (A.B.C.D) and source-mask
bits equal to 32.
• {destination/destination-mask | host destination | any} – The destination
host IP address or destination network address.
• [log] – Generates log messages when the packet coming from the
interface matches the ACL entry. Log messages are generated only for
router ACLs.
• [rule-precedence access-list-entry precedence] – Integer value between
1-5000. This value sets the rule precedence in the ACL.
14-3