86
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
Chapter D Commands
deny udp (IPv6)
operator port [port] (Optional) Rule matches only packets that are from a source port or sent to
a destination port that satisfies the conditions of the operator and port
arguments. Whether these arguments apply to a source port or a destination
port depends upon whether you specify them after the source argument or
after the destination argument.
The port argument can be the name or the number of a UDP port. Valid
numbers are integers from 0 to 65535. For listings of valid port names, see
the “UDP Port Names” section in the “Usage Guidelines” section.
A second port argument is required only when the operator argument is a
range.
The operator argument must be one of the following keywords:
• eq—Matches only if the port in the packet is equal to the port argument.
• gt—Matches only if the port in the packet is greater than the port
argument.
• lt—Matches only if the port in the packet is less than the port argument.
• neq—Matches only if the port in the packet is not equal to the port
argument.
• range—Requires two port arguments and matches only if the port in the
packet is equal to or greater than the first port argument and equal to or
less than the second port argument.
portgroup portgroup (Optional) Specifies that the rule matches only packets that are from a source
port or to a destination port that is a member of the IP port-group object
specified by the portgroup argument. Whether the port-group object applies
to a source port or a destination port depends upon whether you specify it
after the source argument or after the destination argument.
Use the object-group ip port command to create and change IP port-group
objects.
To Next Page
Loading...
