Deny - Motorola RFS7000 Series Reference Manual

10.1.2 deny

Standard ACL Config Commands
Use this command to specify packets to reject.
Syntax
deny(A.B.C.D/M|any|host)
deny any(log|rule-precedence)
deny any log(rule-precedence)<1-5000>
deny any rule-precedence<1-5000>
deny host A.B.C.D
Parameters
A.B.C.D/M
any
host
Usage Guidelines
Use this command to deny traffic based on source IP address or network address. The last ACE in the access
list is an implict deny statement.
Whenever the interface receives the packet, its content is checked against all the ACE's in the ACL. It is
allowed/denied based on the ACL configuration.
NOTE The log option is functional only for router ACL's. The log option results in an
informational logging message for the packet matching the entry sent to the
console.
Example
The example below denies all traffic entering the interface. A log message is generated in the console
whenever the interface receives a packet.
RFS7000(config-std-nacl)#deny any log rule-precedence 50
RFS7000(config-std-nacl)#
The example below denies traffic from the source network (xxx.xxx.1.0/24) and allows all other traffic to flow
through the interface.
RFS7000(config-std-nacl)#deny xxx.xxx.1.0/24 rule-precedence 60
RFS7000(config-std-nacl)#permit any
Source IP address range to match.
Any source IP address.
• log – Log matches against this entry.
• rule-precedence <1-5000> – Access-list entry precedence.
Single host address.
• A.B.C.D – Exact source IP address to match.
10-3