For udp – Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual
Multi-Service IronWare Security Configuration Guide
53-1003035-02
Extended IPv6 ACLs
The tcp-udp-operator parameter can be one of the following:
• eq – Applies to the TCP or UDP port name or number you enter after eq.
• gt – Applies to TCP or UDP port numbers greater than the port number or the numeric equivalent of the port name you enter after gt. Enter “?” to list the port names.
• lt – Applies to TCP or UDP port numbers that are less than the port number or the numeric equivalent of the port name you enter after lt.
• neq – Applies to all TCP or UDP port numbers except the port number or port name you enter after neq.
• range – Applies to all TCP or UDP port numbers between the first and second TCP or UDP port name or number you enter following the range parameter. The range includes the port names or numbers you enter. For example, to apply the policy to all ports between and including 23 (Telnet) and 53 (DNS), enter the following: range 23 53. The first port number in the range must be lower than the last number in the range.
The source-port number and destination-port-number for the tcp-udp-operator are the numbers of
the source and destination ports.
The tcp-operator [value] parameter specifies a comparison operator for the TCP port. This parameter applies only when you specify tcp as the protocol. You can enter one of the following operators:
• established – Applies only to TCP packets. If you use this operator, the policy applies to the TCP packets that have the ACK or RST bits set on (set to “1”) in the Control Bits field of the TCP packet header. Applies only to established TCP sessions, not to new sessions.
• syn – Applies to the TCP packets with the SYN bit set on (set to “1”) in the Control Bits field of the TCP packet header.
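The operator semantics described above, modeled in Python as an added example for reviewing what a rule actually covers; it is not code from the Brocade guide. The function names and the watchlist of ports are hypothetical, and the flag masks are the standard TCP Control Bits values.

```python
# Illustrative model of the match semantics in this section; not vendor code.
RST, SYN, ACK = 0x04, 0x02, 0x10  # TCP Control Bits masks (RFC 793)

def port_matches(operator, port, first, last=None):
    """True if `port` satisfies a tcp-udp-operator with its operand(s)."""
    operands = [first] if last is None else [first, last]
    if any(not 0 <= p <= 65535 for p in [port, *operands]):
        raise ValueError("port numbers must be 0-65535")
    if operator == "range":
        # Inclusive on both ends; the first port must be lower than the last.
        if last is None or first >= last:
            raise ValueError("range needs two ports, first lower than last")
        return first <= port <= last
    if last is not None:
        raise ValueError(f"{operator} takes one port")
    simple = {
        "eq": port == first,
        "gt": port > first,    # strictly greater: 'gt 1023' excludes 1023
        "lt": port < first,    # strictly less
        "neq": port != first,
    }
    if operator not in simple:
        raise ValueError(f"unknown operator: {operator}")
    return simple[operator]

def tcp_flags_match(operator, flags):
    """True if the Control Bits satisfy the tcp-operator (bit test only)."""
    if operator == "established":
        return bool(flags & (ACK | RST))   # ACK or RST set
    if operator == "syn":
        return bool(flags & SYN)
    raise ValueError(f"unknown operator: {operator}")

def covered(operator, first, last=None, watchlist=(22, 23, 25, 53, 123, 161)):
    """Ports from a constructed watchlist that the rule's operator matches."""
    return [p for p in watchlist if port_matches(operator, p, first, last)]

if __name__ == "__main__":
    print(covered("range", 23, 53))   # both ends plus everything between
    print(covered("gt", 53))
    # A SYN+ACK segment satisfies both flag operators.
    print(tcp_flags_match("established", SYN | ACK),
          tcp_flags_match("syn", SYN | ACK))
```

Running `covered` against a rule before deploying it shows side effects such as `range 23 53` also matching port 25, and the flag checks show that `established` is a test on bits in the header, so any segment carrying ACK or RST satisfies it.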
For UDP
Syntax: [no] ipv6 access-list acl name
Syntax: permit | deny [ vlan vlan-id] udp
ipv6-source-prefix/prefix-length | any | host source-ipv6_address [tcp-udp-operator
[source port number]]
ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address
[tcp-udp-operator [destination port number]]
[ipv6-operator [value]]
[copy-sflow] | [drop-precedence dp-value] | [drop-precedence-force dp-value] |
[dscp-marking number] | [dscp dscp-value] | [eq | gt | lt | neq | range port-number] |
[mirror] | [priority-force number] | [sequence num]
Syntax: [no] sequence num permit | deny [ vlan vlan-id] udp
ipv6-source-prefix/prefix-length | any | host source-ipv6_address [tcp-udp-operator
[source port number]]
ipv6-destination-prefix/prefix-length | any | host ipv6-destination-address
[tcp-udp-operator [destination port number]]
[ipv6-operator [value]]
[copy-sflow] | [drop-precedence dp-value] | [drop-precedence-force dp-value] |
[dscp-marking number] | [dscp dscp-value] | [eq | gt | lt | neq | range port-number] |
[mirror] | [priority-force number]