
permit, deny (Extended ACL) – SMC Networks SMC TigerStack 1000 SMC8748M User Manual

COMMAND LINE INTERFACE

permit, deny (Extended ACL)

This command adds a rule to an Extended IP ACL. The rule sets a filter
condition for packets with specific source or destination IP addresses,
protocol types, source or destination protocol ports, or TCP control codes.
Use the no form to remove a rule.

Syntax

[no] {permit | deny} [protocol-number | udp]
    {any | source address-bitmask | host source}
    {any | destination address-bitmask | host destination}
    [precedence precedence] [tos tos] [dscp dscp]
    [source-port sport [bitmask]] [destination-port dport [port-bitmask]]

[no] {permit | deny} tcp
    {any | source address-bitmask | host source}
    {any | destination address-bitmask | host destination}
    [precedence precedence] [tos tos] [dscp dscp]
    [source-port sport [bitmask]] [destination-port dport [port-bitmask]]
    [control-flag control-flags flag-bitmask]

protocol-number – A specific protocol number. (Range: 0-255)

source – Source IP address.

destination – Destination IP address.

address-bitmask – Decimal number representing the address bits to match.

host – Keyword followed by a specific IP address.

precedence – IP precedence level. (Range: 0-7)

tos – Type of Service level. (Range: 0-15)

dscp – DSCP priority level. (Range: 0-64)

sport – Protocol [13] source port number. (Range: 0-65535)

dport – Protocol [13] destination port number. (Range: 0-65535)

port-bitmask – Decimal number representing the port bits to match. (Range: 0-65535)

control-flags – Decimal number (representing a bit string) that specifies flag bits in byte 14 of the TCP header. (Range: 0-63)

flag-bitmask – Decimal number representing the code bits to match.
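
The masked comparison that the address, port and flag bitmask parameters describe, as an added Python example (not code from the manual or the switch firmware). It assumes that a 1 bit in a bitmask means "compare this bit" and a 0 bit means "ignore it", that address bitmasks are written in dotted-decimal form, and that the six flag bits carry their RFC 793 values; the TcpRule class, its field names and the sample packets are constructed for illustration.

```python
import ipaddress
from dataclasses import dataclass

# TCP control bits, low six bits of the flags byte (RFC 793 values).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32

def masked_eq(value, want, mask):
    """True when value and want agree on every bit that is 1 in mask."""
    return (value & mask) == (want & mask)

def ip(text):
    return int(ipaddress.IPv4Address(text))

@dataclass
class TcpRule:                      # hypothetical model of one "tcp" rule
    dst: str = "0.0.0.0"
    dst_mask: str = "0.0.0.0"       # all-zero mask compares no bits ("any")
    dport: int = 0
    dport_mask: int = 0             # port-bitmask
    flags: int = 0                  # control-flags
    flag_mask: int = 0              # flag-bitmask

    def matches(self, pkt):
        return (masked_eq(ip(pkt["dst"]), ip(self.dst), ip(self.dst_mask))
                and masked_eq(pkt["dport"], self.dport, self.dport_mask)
                and masked_eq(pkt["flags"], self.flags, self.flag_mask))

def matching(rule, packets):
    """Names of the packets that the rule's filter condition selects."""
    return [name for name, pkt in packets.items() if rule.matches(pkt)]

# Constructed rule: TCP to 192.0.2.0/24, port 22 exactly, SYN set and ACK clear
# (control-flags 2, flag-bitmask 18), i.e. new inbound connection attempts.
NEW_SSH = TcpRule(dst="192.0.2.0", dst_mask="255.255.255.0",
                  dport=22, dport_mask=65535, flags=SYN, flag_mask=SYN | ACK)

# Constructed sample packets (documentation address ranges).
PACKETS = {
    "syn":        {"dst": "192.0.2.10",  "dport": 22, "flags": SYN},
    "syn_urg":    {"dst": "192.0.2.10",  "dport": 22, "flags": SYN | URG},
    "syn_ack":    {"dst": "192.0.2.10",  "dport": 22, "flags": SYN | ACK},
    "ack_psh":    {"dst": "192.0.2.10",  "dport": 22, "flags": ACK | PSH},
    "other_net":  {"dst": "203.0.113.5", "dport": 22, "flags": SYN},
    "other_port": {"dst": "192.0.2.10",  "dport": 23, "flags": SYN},
}

if __name__ == "__main__":
    print(matching(NEW_SSH, PACKETS))
```

The syn_urg packet is selected because URG lies outside the flag-bitmask, while syn_ack is not because ACK is inside the mask and must be clear.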

Default Setting

None

13. Includes TCP, UDP or other protocol types.
