access-list (extended)
SecureStack C2 Configuration Guide 18-73
Use this command to define an extended IP access list by number when operating in router mode.
The no form of this command removes the defined access list or entry:
Syntax
To apply ACL restrictions to IP, UDP, ICMP or TCP packets:
access-list access-list-number {deny | permit} protocol source [source-wildcard]
[operator [port]] destination [destination-wildcard]
no access-list access-list-number [entry]
To insert or replace an ACL entry:
access-list access-list-number insert | replace entry
To move entries within an ACL:
access-list access-list-number move destination source1 [source2]
Parameters
access-list-number
    Specifies an extended access list number. Valid values are from 100 to 199.
deny | permit
    Denies or permits access if specified conditions are met.
protocol
    Specifies an IP protocol for which to deny or permit access. Valid values and their corresponding protocols are:
    • ip - Any Internet protocol
    • udp - User Datagram Protocol
    • tcp - Transmission Control Protocol
    • icmp - Internet Control Message Protocol
source
    Specifies the network or host from which the packet will be sent. Valid options for expressing source are:
    • IP address or range of addresses (A.B.C.D)
    • any - Any source host
    • host source - IP address of a single source host
source-wildcard
    (Optional) Specifies the bits to ignore in the source address.
operator port
    (Optional) Applies access rules to TCP or UDP source or destination port numbers. Possible operand is:
    • eq port - Matches only packets on a given port number.
destination
    Specifies the network or host to which the packet will be sent. Valid options for expressing destination are:
    • IP address (A.B.C.D)
    • any - Any destination host
    • host source - IP address of a single destination host
destination-wildcard
    (Optional) Specifies the bits to ignore in the destination address.
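The following Python sketch is an added example, not part of the SecureStack guide or the switch software; it shows how the source-wildcard and destination-wildcard parameters ("bits to ignore") decide whether a packet meets an entry's conditions. It covers protocol and address matching only. The function names and the sample entry are constructed, and it assumes that an address written without a wildcard is an exact match and that a dotted token directly after an address is that address's wildcard.

```python
import ipaddress

PROTOCOLS = {"ip", "udp", "tcp", "icmp"}  # values listed under "protocol"

def _to_int(dotted):
    return int(ipaddress.IPv4Address(dotted))

def _take_endpoint(tokens):
    """Consume one source/destination spec and return (address, wildcard)."""
    if not tokens or (tokens[0] == "host" and len(tokens) < 2):
        raise ValueError("missing source or destination")
    head = tokens.pop(0)
    if head == "any":
        return 0, 0xFFFFFFFF              # ignore every bit
    if head == "host":
        return _to_int(tokens.pop(0)), 0  # compare every bit
    wildcard = 0  # assumption: an address without a wildcard is an exact match
    if tokens and tokens[0][:1].isdigit():  # assumption: dotted token = wildcard
        wildcard = _to_int(tokens.pop(0))
    return _to_int(head), wildcard

def parse_entry(line):
    """Parse 'access-list N {deny|permit} protocol source destination'."""
    tokens = line.split()
    if len(tokens) < 6 or tokens[0] != "access-list":
        raise ValueError("not an access-list entry")
    number, action, protocol = int(tokens[1]), tokens[2], tokens[3]
    if not 100 <= number <= 199:
        raise ValueError("extended access lists are numbered 100 to 199")
    if action not in ("deny", "permit") or protocol not in PROTOCOLS:
        raise ValueError("unknown action or protocol")
    rest = tokens[4:]
    src = _take_endpoint(rest)
    dst = _take_endpoint(rest)
    if rest:
        raise ValueError("port operators (eq) are outside this example")
    return {"action": action, "protocol": protocol, "src": src, "dst": dst}

def _covers(spec, address):
    base, wildcard = spec
    care = ~wildcard & 0xFFFFFFFF         # bits that must be equal
    return (_to_int(address) & care) == (base & care)

def entry_matches(entry, protocol, src, dst):
    """True if a packet (protocol, src, dst) meets the entry's conditions."""
    proto_ok = entry["protocol"] in ("ip", protocol)  # "ip" is any protocol
    return proto_ok and _covers(entry["src"], src) and _covers(entry["dst"], dst)

# Constructed sample entry, not taken from the guide.
SAMPLE = "access-list 101 permit tcp 192.168.10.0 0.0.0.255 host 10.1.1.5"
```

A wildcard is the inverse of a subnet mask: 0.0.0.255 ignores the last octet, so the sample entry covers every source in 192.168.10.0 through 192.168.10.255.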