For tcp – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Page 219
Multi-Service IronWare Security Configuration Guide
201
53-1003035-02
Extended IPv6 ACLs
4
•
port-unreachable
•
reassembly-timeout
•
renum-command
•
renum-result
•
renum-seq-number
•
router-advertisement
•
router-renumbering
•
router-solicitation
•
routing
•
sequence
•
time-exceeded
•
unreachable
The following example shows a configuration to filter ICMP packets.
Brocade(config)# ipv6 access-list ipv6-icmp-sample2
permit icmp any any echo-reply
permit icmp any any echo-request
deny icmp any any unreachable
deny icmp any any time-exceeded
permit icmp any any 146 0
permit icmp any any 1
For TCP
Syntax: [no] ipv6 access-list acl name
Syntax: permit | deny tcp
ipv6-source-prefix/prefix-length | any | host source-ipv6_address [tcp-udp-operator
[source-port-number]]
ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address
[tcp-udp-operator [destination-port- number]]
[ipv6-operator [value]] [tcp-operator [value]]
[copy-sflow] | [drop-precedence dp-value] | [drop-precedence-force dp-value] |
[dscp-marking number] | [dscp dscp-value] | [eq | gt | lt | neq | range port-number] |
[established] | [mirror] | [priority-force number] | [sequence num] | [syn]
Syntax: [no] sequence num permit | deny tcp
ipv6-source-prefix/prefix-length | any | host source-ipv6_address [tcp-udp-operator
[source-port-number]]
ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address
[tcp-udp-operator [destination-port- number]]
[ipv6-operator [value]] [tcp-operator [value]]
[copy-sflow] | [drop-precedence dp-value] | [drop-precedence-force dp-value] |
[dscp-marking number] | [dscp dscp-value] | [eq | gt | lt | neq | range port-number] |
[established] | [mirror] | [priority-force number] | [syn]
Syntax: regenerate-seq-num [num]
The tcp protocol indicates the you are filtering the TCP packets.