
Patton electronic ONSITE 2800 User Manual


Access control list configuration task list


7 • Access control list configuration

The same effect can also be obtained by using the simpler message name option. See the following example.

2800(cfg)#profile acl WanRx
2800(pf-acl)[WanRX]#deny icmp any any msg echo
2800(pf-acl)[WanRX]#exit
2800(cfg)#

Adding a TCP, UDP or SCTP filter rule to the current access control list profile

The commands permit or deny are used to define a TCP, UDP or SCTP filter rule. Each TCP, UDP or SCTP
filter rule represents a respective access control list entry.

This procedure describes how to create a TCP, UDP or SCTP access control list entry that permits access.

Mode: Profile access control list

Step 1
Command: node(pf-acl)[name]#permit {tcp | udp | sctp} {src src-wildcard | any | host src} [{eq port | gt port | lt port | range from to}] {dest dest-wildcard | any | host dest} [{eq port | gt port | lt port | range from to}] [{cos group | cos-rtp group-data group-ctrl}]
Purpose: Creates a TCP, UDP or SCTP access control list entry that permits access defined according to the command options.

This procedure describes how to create a TCP, UDP or SCTP access control list entry that denies access.

Mode: Profile access control list

Step 1
Command: node(pf-acl)[name]#deny {tcp | udp | sctp} {src src-wildcard | any | host src} [{eq port | gt port | lt port | range from to}] {dest dest-wildcard | any | host dest} [{eq port | gt port | lt port | range from to}] [{cos group | cos-rtp group-data group-ctrl}]
Purpose: Creates a TCP, UDP or SCTP access control list entry that denies access defined according to the command options.
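
The following Python sketch is an added example, not part of the Patton manual or the device firmware. It parses rules written in the permit/deny syntax above and evaluates sample packets against them, which is a convenient way to review a planned profile before entering it. It assumes that one-bits in a wildcard are ignored in the address comparison, that gt and lt are exclusive and range is inclusive, that the first matching entry decides, and that a packet matching no entry is denied; the cos options are not modelled and the profile rules are constructed.

```python
import ipaddress

def _ip(s):
    return int(ipaddress.IPv4Address(s))

def _addr(tok):
    # {addr wildcard | any | host addr} -> (base, wildcard); wildcard 1-bits are ignored (assumption)
    first = tok.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return _ip(tok.pop(0)), 0
    return _ip(first), _ip(tok.pop(0))

def _port(tok):
    # optional {eq p | gt p | lt p | range from to} -> inclusive (lo, hi)
    if not tok or tok[0] not in ("eq", "gt", "lt", "range"):
        return 0, 65535
    op, p = tok.pop(0), int(tok.pop(0))
    if op == "range":
        return p, int(tok.pop(0))
    return {"eq": (p, p), "gt": (p + 1, 65535), "lt": (0, p - 1)}[op]

def parse_rule(line):
    tok = line.split()
    action, proto = tok.pop(0), tok.pop(0)
    if action not in ("permit", "deny") or proto not in ("tcp", "udp", "sctp"):
        raise ValueError("not a TCP/UDP/SCTP filter rule: " + line)
    src, sport = _addr(tok), _port(tok)
    dst, dport = _addr(tok), _port(tok)
    return action, proto, src, sport, dst, dport  # trailing cos options are not modelled

def _hit(addr, port, spec, ports):
    base, wild = spec
    return (_ip(addr) | wild) == (base | wild) and ports[0] <= port <= ports[1]

def evaluate(rules, proto, src, sport, dst, dport):
    for action, rproto, rsrc, rsport, rdst, rdport in rules:
        if rproto == proto and _hit(src, sport, rsrc, rsport) and _hit(dst, dport, rdst, rdport):
            return action  # assumption: first matching entry decides
    return "deny"  # assumption: packets matching no entry are dropped

# Constructed sample profile (documentation addresses, not from the manual)
PROFILE = [parse_rule(r) for r in (
    "permit tcp any host 192.0.2.10 eq 80",
    "deny udp 198.51.100.0 0.0.0.255 any range 5060 5061",
    "permit udp any gt 1023 any eq 53",
    "deny tcp any any lt 1024",
)]
```

Calling evaluate(PROFILE, "tcp", "203.0.113.5", 40000, "192.0.2.10", 80) returns the action of the first entry that matches, so entry order in the profile matters when a broad deny and a narrow permit overlap.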