Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

53-1003035-02

Configuring numbered and named ACLs

operator

Specifies a comparison operator for the TCP or UDP port number. You can
enter one of the following operators:

eq – The policy applies to the TCP or UDP port name or number you
enter after eq.

gt – The policy applies to TCP or UDP port numbers greater than the
port number or the numeric equivalent of the port name you enter
after gt.

lt – The policy applies to TCP or UDP port numbers that are less than
the port number or the numeric equivalent of the port name you enter
after lt.

neq – The policy applies to all TCP or UDP port numbers except the
port number or port name you enter after neq.

range – The policy applies to all TCP or UDP port numbers that are
between the first TCP or UDP port name or number and the second
one you enter following the range parameter. The range includes the
port names or numbers you enter. For example, to apply the policy to
all ports between and including 23 (Telnet) and 53 (DNS), enter the
following: range 23 53. The first port number in the range must be
lower than the last number in the range.

established – This operator applies only to TCP packets. If you use
this operator, the policy applies to TCP packets that have the ACK
(Acknowledgment) or RST (Reset) bits set on (set to “1”) in the Control
Bits field of the TCP packet header. Thus, the policy applies only to
established TCP sessions, not to new sessions. Refer to Section 3.1,
“Header Format”, in RFC 793 for information about this field.

NOTE

This operator applies only to destination TCP ports, not source TCP ports.

source-tcp/udp-port

Enter the source TCP or UDP port number.

destination-tcp/udp-port

Enter the destination TCP or UDP port number.
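
The operator semantics described above, modeled as a small Python matcher. This is an added example, not code from the Brocade guide or from Multi-Service IronWare; the function names, the port-name table, and the sample values are assumptions made for illustration.

```python
# Added example: models the port operators described above; not Brocade code.
ACK, RST, SYN = 0x10, 0x04, 0x02  # TCP control bits (RFC 793, section 3.1)

# Constructed name table; a real device knows many more well-known names.
PORT_NAMES = {"telnet": 23, "dns": 53, "http": 80}


def port_number(value):
    """Return the numeric port for a port name or number."""
    if isinstance(value, int):
        port = value
    elif value.isdigit():
        port = int(value)
    else:
        port = PORT_NAMES[value.lower()]
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def port_matches(operator, operands, port, protocol="tcp", tcp_flags=0):
    """Decide whether one packet's port satisfies an ACL port clause."""
    if operator == "established":
        # TCP only: matches when ACK or RST is set in the control bits.
        return protocol == "tcp" and bool(tcp_flags & (ACK | RST))
    nums = [port_number(v) for v in operands]
    if operator == "range":
        low, high = nums
        if low >= high:
            raise ValueError("first port in range must be lower than the last")
        return low <= port <= high  # both end points are included
    (ref,) = nums
    if operator == "eq":
        return port == ref
    if operator == "gt":
        return port > ref  # strictly greater: ref itself does not match
    if operator == "lt":
        return port < ref  # strictly less: ref itself does not match
    if operator == "neq":
        return port != ref
    raise ValueError(f"unknown operator: {operator}")
```

The model evaluates `established` from the header bits of each packet on its own and keeps no session table, so a clause written with gt or lt needs its boundary port checked separately when that port must also be covered.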