seq (extended IP ACLs) – Brocade Network OS Command Reference v4.1.0 User Manual

Network OS Command Reference
53-1003115-01
seq (extended IP ACLs)
Inserts a rule anywhere in the IP ACL.
Synopsis
seq seq-value {permit | deny | hard-drop} ip-protocol {any | SIP mask | host SIP} [{eq | gt | lt |
neq | range} sport number] {any | DIP mask | host DIP} [{eq | gt | lt | neq | range} dport number]
[dscp value] [ack fin rst sync urg psh] [count] [log]
no seq seq-value {permit | deny | hard-drop} ip-protocol {any | SIP mask | host SIP} [{eq | gt | lt |
neq | range} sport number] {any | DIP mask | host DIP} [{eq | gt | lt | neq | range} dport number]
[dscp value] [ack fin rst sync urg psh] [count] [log]
Operands
seq-value
Specifies the sequence number for the rule. Valid values range from 0
through 65535.
permit
Specifies rules to permit traffic.
deny
Specifies rules to deny traffic.
hard-drop
Overrides the trap behavior for control frames and data frames such as
echo request (ping). See the Usage Guidelines.
ip-protocol
Indicates the type of IP packet you are filtering. You can specify a
well-known name for any protocol whose number is less than 255;
otherwise, any decimal number may be entered.
any
Specifies any source IP address.
host Source_IP_ADDRESS
Specifies the source host IP address for which to set permit or deny
conditions.
Source_IP_mask
Specifies the source host IP address for which to set permit or deny
conditions. The address can also be entered as an IP address, or an
IP address with a mask. The mask value can be entered in Classless
Interdomain Routing (CIDR) format, or in wildcard mask format.
For example, the following two entries yield the same results. The CIDR
equivalent of “209.157.22.26 0.0.0.255” is “209.157.22.26/24”.
In wildcard format, you can mask for any bit. For example, 0.255.0.255
is valid.
source_port_number
This field is only valid when the ip-protocol has been specified as UDP or
TCP. The keyword “operator” defines how to apply the sport numbers that
follow.
eq
The policy applies to the TCP or UDP port name or number you enter
after eq.
gt
The policy applies to TCP or UDP port numbers greater than the port
number or the numeric equivalent of the port name you enter after gt.
lt
The policy applies to TCP or UDP port numbers that are less than the port
number or the numeric equivalent of the port name you enter after lt.
neq
The policy applies to all TCP or UDP port numbers except the port number
or port name you enter after neq.
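The following is an added example, not part of the Brocade manual: a small Python audit helper that shows which addresses a Source_IP_mask entry covers in wildcard format, whether the entry has a CIDR equivalent, and how the eq, gt, lt and neq operators apply to a port number. The function names are hypothetical, the packet addresses are constructed, and the code assumes the usual wildcard convention that a 1 bit in the mask means the bit is ignored.

```python
import ipaddress
import operator

def _u32(addr):
    """Dotted-quad IPv4 string -> 32-bit integer."""
    return int(ipaddress.IPv4Address(addr))

def wildcard_match(packet_ip, rule_ip, wildcard):
    """True if packet_ip equals rule_ip on every bit the wildcard leaves at 0.
    Assumption: a 1 bit in the wildcard mask means "ignore this bit"."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(packet_ip) & care) == (_u32(rule_ip) & care)

def wildcard_to_cidr(rule_ip, wildcard):
    """CIDR spelling of a wildcard entry, or None when the mask is
    non-contiguous (such as 0.255.0.255) and no prefix length expresses it."""
    w = _u32(wildcard)
    if w & (w + 1):  # a contiguous wildcard has the form 2**k - 1
        return None
    return f"{rule_ip}/{32 - w.bit_length()}"

# Operators described in this section; "range" is not modelled here.
PORT_OPS = {"eq": operator.eq, "gt": operator.gt,
            "lt": operator.lt, "neq": operator.ne}

def port_match(op, rule_port, packet_port):
    """Apply eq/gt/lt/neq to a packet's TCP or UDP port number."""
    return PORT_OPS[op](packet_port, rule_port)

if __name__ == "__main__":
    # Constructed sample addresses, checked against the manual's two masks.
    for mask in ("0.0.0.255", "0.255.0.255"):
        print(mask, "->", wildcard_to_cidr("209.157.22.26", mask))
        for pkt in ("209.157.22.200", "209.9.22.77", "209.157.23.26"):
            print("   ", pkt, wildcard_match(pkt, "209.157.22.26", mask))
    print("gt 1023 vs 1024:", port_match("gt", 1023, 1024))
```

A result of None from wildcard_to_cidr marks an entry whose coverage cannot be read off as a single prefix and is worth reviewing bit by bit during an ACL audit.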