Brocade Network OS Administrator’s Guide v4.1.1 User Manual
Page 463

TABLE 75 IP ACL parameters

| ACL / Rule type | IP ACL parameter | IP ACL parameter definition |
|---|---|---|
| Standard IP ACL | name | The name of the standard IP ACL. The name must begin with a-z, A-Z, or 0-9. Underscores and hyphens are also accepted except as the first character. The ACL name must be unique among all ACL types (L2/L3) and cannot contain more than 63 characters. |
| Standard IP ACL rule | seq | The sequence number of the rule. The number must be from 0 through 4294967290. A rule without a sequence number is allocated one. The allocated sequence number can be changed with the resequence command. |
| | permit/deny | Specifies whether to permit or deny traffic for the combination specified in the rule. |
| | any/host | The IP address of the host from which ingress traffic must be filtered. |
| Extended IP ACL | name | The name of the extended IP Access Control List. The name must begin with a-z, A-Z, or 0-9. Underscores and hyphens are also accepted except as the first character. The ACL name must be unique among all ACL types (L2/L3) and cannot contain more than 63 characters. |
| Extended IP ACL rule | seq | The sequence number of the rule. The number must be from 0 through 65535. A rule without a sequence number is allocated one. The allocated sequence number can be changed with the resequence command. |
| | permit/deny | Specifies whether to permit or deny traffic for the combination specified in the rule. |
| | protocol | Indicates the type of IP packet to be filtered. |
| | any/host | The IP address of the host from which inbound traffic must be filtered. |
| | any | The IP address of the host to which egress or control of outbound traffic must be blocked. Because the egress and outbound traffic is blocked, the destination address is always "any" (which also covers the Virtual IP address of a host). |
| | port-number | Indicates the source or destination port to which the filter applies. This is applicable for both UDP and TCP. The number is from 0 through 65535. |
| | range | If more than one destination port must be filtered through the ACL rule, use the range parameter to specify the starting port and end port. |
| | eq | If only one destination port must be filtered through the ACL rule, use the eq parameter. |
| | dscp value | Compares the specified value against the DSCP value of the received packet. The range of valid values is from 0 through 63. |
| | ack, fin, rst, sync, urg, psh | Any combination of the TCP flags may be specified. |
| | log | Packets matching the filter are sent to the CPU and a corresponding log entry is generated. The optional log parameter enables the logging mechanism. This option is only available with permit and deny. |
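The limits in Table 75 can be checked before a change is pushed to a switch. The following pre-deployment check is an added example, not code from the guide or from Network OS. The dictionary layout of a rule, its key names, the "tcp"/"udp" protocol strings, the name character set being limited to what the table lists, and the start <= end requirement for range are assumptions of the example.

```python
import re

# Limits are from Table 75. The dict layout of a rule and the key names
# ("action", "eq", "range", "flags", ...) are assumptions of this example.
NAME_RE = re.compile(r"[A-Za-z0-9][A-Za-z0-9_-]{0,62}")
SEQ_MAX = {"standard": 4294967290, "extended": 65535}
TCP_FLAGS = {"ack", "fin", "rst", "sync", "urg", "psh"}
EXTENDED_ONLY = {"protocol", "eq", "range", "dscp", "flags"}

def check_name(name, existing_names):
    """Return a list of problems with an ACL name (empty list = valid)."""
    errs = []
    if not NAME_RE.fullmatch(name):
        errs.append("name: must start with a letter or digit, then letters, "
                    "digits, '_' or '-', 63 characters at most")
    if name in existing_names:  # uniqueness spans all ACL types (L2/L3)
        errs.append("name: already used by another ACL")
    return errs

def _port_ok(p):
    return isinstance(p, int) and 0 <= p <= 65535

def check_rule(acl_type, rule):
    """Return a list of problems with one rule of a standard/extended ACL."""
    errs = []
    seq = rule.get("seq")  # None means the switch allocates a number
    if seq is not None and not 0 <= seq <= SEQ_MAX[acl_type]:
        errs.append(f"seq: {seq} outside 0..{SEQ_MAX[acl_type]}")
    if rule.get("action") not in ("permit", "deny"):
        errs.append("action: must be permit or deny")
    if acl_type == "standard":  # these keys appear in the table only for extended rules
        errs += [f"{k}: extended-only parameter" for k in sorted(EXTENDED_ONLY & set(rule))]
        return errs
    if ("eq" in rule or "range" in rule) and rule.get("protocol") not in ("tcp", "udp"):
        errs.append("port: only applicable to TCP and UDP")
    if "eq" in rule and not _port_ok(rule["eq"]):
        errs.append("eq: port outside 0..65535")
    if "range" in rule:
        lo, hi = rule["range"]
        if not (_port_ok(lo) and _port_ok(hi) and lo <= hi):  # lo <= hi is assumed
            errs.append("range: need 0 <= start <= end <= 65535")
    if "dscp" in rule and not 0 <= rule["dscp"] <= 63:
        errs.append("dscp: outside 0..63")
    bad = set(rule.get("flags", ())) - TCP_FLAGS
    if bad:
        errs.append(f"flags: unknown {sorted(bad)}")
    return errs
```

The same sequence number can be valid in a standard ACL and rejected in an extended one, which is the mismatch most likely to surface when rules are copied between the two types.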
Configuring ACLs
53-1003225-04