| Parameters | Function | Description |
|---|---|---|
| logging | Specifies to log matched packets | This function requires that the module using the ACL (for example, a firewall using the ACL) support logging. |
| fragment | Indicates that the rule applies to only non-first fragments. | Without this keyword, the rule applies to all fragments and non-fragments. |
| time-range time-range-name | Specifies the time range in which the rule takes effect. | The time-range-name argument is a case insensitive string of 1 to 32 characters. It must start with an English letter and cannot be named all to avoid confusion. |
If you set the protocol argument to tcp or udp, you may define the parameters shown in Table 4-3.
Table 4-3 TCP/UDP-specific parameters for advanced IPv6 ACL rules
| Parameters | Function | Description |
|---|---|---|
| source-port operator port1 [ port2 ] | Specifies one or more UDP or TCP source ports. | The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented in these words: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented in these words: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). |
| destination-port operator port1 [ port2 ] | Specifies one or more UDP or TCP destination ports. | Same as for source-port. |
| { ack ack-value \| fin fin-value \| psh psh-value \| rst rst-value \| syn syn-value \| urg urg-value } * | Specifies one or more TCP flags. | Parameters specific to TCP. The value for each argument can be 0 or 1. The TCP flags in one rule are ANDed. |
| established | Specifies the TCP flags ACK and RST | Parameter specific to TCP. |
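The following added example (not vendor code and not part of the original manual) evaluates the port clauses and ANDed TCP flag settings of Table 4-3 against a packet, which is useful when auditing what a rule actually matches. The function names and the dictionary representation of flags are assumptions made for illustration; the keyword tables are copied from Table 4-3.

```python
# Added example (not vendor code): evaluates Table 4-3 port and TCP-flag clauses.
def _names(text):
    return {k: int(v) for k, v in (item.split("=") for item in text.split())}

# Keyword-to-port tables copied from Table 4-3.
PORT_NAMES = {
    "tcp": _names(
        "chargen=19 bgp=179 cmd=514 daytime=13 discard=9 domain=53 echo=7 "
        "exec=512 finger=79 ftp=21 ftp-data=20 gopher=70 hostname=101 irc=194 "
        "klogin=543 kshell=544 login=513 lpd=515 nntp=119 pop2=109 pop3=110 "
        "smtp=25 sunrpc=111 tacacs=49 talk=517 telnet=23 time=37 uucp=540 "
        "whois=43 www=80"),
    "udp": _names(
        "biff=512 bootpc=68 bootps=67 discard=9 dns=53 dnsix=90 echo=7 "
        "mobilip-ag=434 mobilip-mn=435 nameserver=42 netbios-dgm=138 "
        "netbios-ns=137 netbios-ssn=139 ntp=123 rip=520 snmp=161 snmptrap=162 "
        "sunrpc=111 syslog=514 tacacs-ds=65 talk=517 tftp=69 time=37 who=513 "
        "xdmcp=177"),
}
TCP_FLAGS = {"ack", "fin", "psh", "rst", "syn", "urg"}
ARITY = {"lt": 1, "gt": 1, "eq": 1, "neq": 1, "range": 2}

def resolve_port(proto, token):
    """Turn a number or a protocol-specific keyword into a port in 0..65535."""
    port = int(token) if token.isdigit() else PORT_NAMES[proto].get(token)
    if port is None or not 0 <= port <= 65535:
        raise ValueError(f"{token!r} is not a valid {proto} port")
    return port

def port_matches(proto, clause, port):
    """clause is the text after source-port/destination-port, e.g. 'eq www'."""
    op, *args = clause.split()
    if ARITY.get(op) != len(args):
        raise ValueError(f"bad operator or argument count in {clause!r}")
    v = [resolve_port(proto, a) for a in args]
    if op == "range":  # inclusive; this sketch assumes port1 <= port2
        return v[0] <= port <= v[1]
    return {"lt": port < v[0], "gt": port > v[0],
            "eq": port == v[0], "neq": port != v[0]}[op]

def flags_match(rule_flags, packet_flags):
    """rule_flags maps flag name to 0 or 1; all entries are ANDed."""
    for name, value in rule_flags.items():
        if name not in TCP_FLAGS or value not in (0, 1):
            raise ValueError(f"bad flag setting {name}={value}")
    return all((name in packet_flags) == bool(value)
               for name, value in rule_flags.items())
```

Port 514 is cmd in the TCP list and syslog in the UDP list, so the example resolves a keyword only against the keyword list of the rule's own protocol and rejects it otherwise.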
If you set the protocol argument to icmpv6, you may define the parameters shown in Table 4-4.