94 ACL Commands
•
deny-tcp
[
disable-port
] {
any
|{
source source-wildcard
}} {
any
|
source-port
} {
any
|{
destination
destination-wildcard
}} {
any
|
destination-port
} [
dscp
number | ip-precedence number
] [
flags
list-of-
flags
] [
src-port-wildcard
source-port-wildcard
] [
dst-port-wildcard
source-port-wildcard
]
•
deny-udp
[
disable-port
] {
any
|{
source source-wildcard
}} {
any
|
source-port
} {
any
|{
destination
destination-wildcard
}} {
any
|
destination-port
} [
dscp
number
|
ip-precedence
number
] [
src-port-
wildcard
source-port-wildcard
] [
dst-port-wildcard
source-port-wildcard
]
•
disable-port
— Specifies that the Ethernet interface is disabled if the condition is matched.
•
source
— Specifies the Source IP address of the packet.
•
source-wildcard
— Specifies wildcard bits to be applied to the source IP address by placing 1s in bit
positions to be ignored.
•
destination
— Specifies the destination IP address of the packet.
•
destination- wildcard
— Specifies wildcard bits to be applied to the destination IP address by
placing 1s in bit positions to be ignored.
•
protocol
— Specifies the name or the number of an IP protocol. Available protocol names:
icmp,
igmp, ip, tcp, egp, igp, udp, hmp, rdp, idpr, idrp, rsvp, gre, esp, ah, eigrp, ospf, ipip, pim, l2tp,
isis
. (Range: 0 - 255)
•
dscp
number
— Specifies the DSCP value.
•
ip-precedence
number
— Specifies the IP precedence value.
•
icmp-type
— Specifies an ICMP message type for filtering ICMP packets. Enter a number or one
of the following values:
echo-reply, destination-unreachable, source-quench, redirect, alternate-
host-address, echo-request, router-advertisement, router-solicitation, time-exceeded, parameter-
problem, timestamp, timestamp-reply, information-request, information-reply, address-mask-
request, address-mask-reply, traceroute, datagram-conversion-error, mobile-host-redirect, mobile-
registration-request, mobile-registration-reply, domain-name-request, domain-name-reply, skip,
photuris.
•
icmp-code
— Specifies an ICMP message code for filtering ICMP packets. (Range: 0 - 255)
•
igmp-type
— Specifies IGMP packets filtered by IGMP message type. Enter a number or one of
the following values:
host-query, host-report, dvmrp, pim, cisco-trace, host-report-v2, host-leave-
v2, host-report-v3
. (Range: 0 - 255)
•
destination-port
— Specifies the UDP/TCP destination port. (Range: 1 - 65535)
•
destination-port-wildcard
— Specifies wildcard bits to be applied to the destination port by placing
1s in bit positions to be ignored.
•
source-port
— Specifies the UDP/TCP source port. (Range: 1 - 65535)
•
source-port-wildcard
— Specifies wildcard bits to be applied to the source port by placing 1s in bit
positions to be ignored.
•
flags
list-of-flags
— Specifies the list of TCP flags. If a flag should be set it is prefixed by "+". If a
flag is not set, it is prefixed by "-". Available options are
+urg, +ack, +psh, +rst, +syn, +fin, -urg,
-ack, -psh, -rst, -syn
and
-fin
. The flags are concatenated to a one string. For example:
+fin-ack
.
book.book Page 94 Thursday, December 18, 2008 7:40 PM
To Next Page
Loading...
