40
Cisco Nexus 5500 Series NX-OS Security Command Reference
OL-27883-02
deny icmp (IPv4)
To create an access control list (ACL) rule that denies ICMP IPv4 traffic matching its conditions, use the
deny command. To remove a rule, use the no form of this command.
[sequence-number] deny icmp source destination [icmp-message | dscp dscp| log | precedence
precedence | fragments]
no deny icmp source destination [icmp-message | dscp dscp | log | precedence precedence |
fragments]
no sequence-number
Syntax Description sequence-number (Optional) Sequence number of the deny command, which causes the switch
to insert the command in that numbered position in the access list. Sequence
numbers maintain the order of rules within an ACL.
A sequence number can be any integer between 1 and 4294967295.
By default, the first rule in an ACL has a sequence number of 10.
If you do not specify a sequence number, the switch adds the rule to the end
of the ACL and assigns to it a sequence number that is 10 greater than the
sequence number of the preceding rule.
Use the resequence command to reassign sequence numbers to rules.
source Source IPv4 addresses that the rule matches. For details about the methods
that you can use to specify this argument, see the “Source and Destination”
section in the “Usage Guidelines” section.
destination Destination IPv4 addresses that the rule matches. For details about the
methods that you can use to specify this argument, see the “Source and
Destination” section in the “Usage Guidelines” section.
icmp-message (Optional) Rule that matches only packets of the specified ICMP message
type. This argument can be an integer from 0 to 255 or one of the keywords
listed under the “ICMP Message Types” section in the “Usage Guidelines”
section.
To Next Page
Loading...
