operator
port port
destination
address
bit
count
byte
log
threshold-in
msgs count
272
(OPTIONAL) Enter one of the following logical operand:
•
eq = equal to
•
neq = not equal to
•
gt = greater than
•
lt = less than
•
range = inclusive range of ports (you must specify two
port for the port parameter.)
Enter the application layer port number. Enter two port
numbers if using the range logical operand. The range is 0 to
65535.
The following list includes some common TCP port
numbers:
•
23 = Telnet
•
20 and 21 = FTP
•
25 = SMTP
•
169 = SNMP
Enter the IPv6 address of the network or host to which the
packets are sent in the x:x:x:x::x format followed by the
prefix length in the /x format. The range is /0 to /128. The ::
notation specifies successive hexadecimal fields of zero.
Enter a flag or combination of bits:
•
ack: acknowledgement field
•
fin: finish (no more data from the user)
•
psh: push function
•
rst: reset the connection
•
syn: synchronize sequence numbers
•
urg: urgent field
(OPTIONAL) Enter the keyword count to count packets
processed by the filter.
(OPTIONAL) Enter the keyword byte to count bytes
processed by the filter.
(OPTIONAL) Enter the keyword log to enable the triggering
of ACL log messages.
(OPTIONAL) Enter the threshold-in-msgs keyword
followed by a value to indicate the maximum number of ACL
logs that can be generated, exceeding which the generation
of ACL logs is terminated with the seq, permit, or deny
commands. The threshold range is from 1 to 100.
Access Control Lists (ACL)