Access-list extended tcp udp filter) – Allied Telesis AlliedWare Plus Operating System Version 5.4.4C (x310-26FT,x310-26FP,x310-50FT,x310-50FP) User Manual
Page 911

IPv4 Software Access Control List (ACL) Commands
Software Reference for x310 Series Switches
C613-50046-01 REV A
AlliedWare Plus
TM
Operating System - Version 5.4.4C
35.25
(access-list extended TCP UDP filter)
Use this ACL filter to add a new TCP or UDP filter entry to the current extended access-list.
If the sequence number is specified, the new filter is inserted at the specified location.
Otherwise, the new filter is added at the end of the access-list.
The no variant of this command removes a TCP or UDP filter entry from the current
extended access-list. You can specify the TCP or UDP filter entry for removal by entering
either its sequence number (e.g. no 10), or by entering its TCP or UDP filter profile
without specifying its sequence number.
Note that the sequence number can be found by running the
command.
Syntax
[tcp|udp]
[<sequence-number>] {deny|permit} {tcp|udp}
<source>
{eq <sourceport>|lt <sourceport>|gt <sourceport>|ne <sourceport>}
<destination>
[eq <destport>|lt <destport>|gt <destport>|ne <destport>]
[log]
no {deny|permit} {tcp|udp}
<source>
{eq <sourceport>|lt <sourceport>|gt <sourceport>|ne <sourceport>}
<destination>
[eq <destport>|lt <destport>|gt <destport>|ne <destport>]
[log]
no <sequence-number>
Parameter
Description
<sequence-
number>
<1-65535>
The sequence number for the filter entry of the selected access
control list.
deny
Access-list rejects packets that match the source and destination
filtering specified with this command.
permit
Access-list permits packets that match the source and destination
filtering specified with this command.
tcp
The access-list matches only TCP packets.
udp
The access-list matches only UDP packets.
<source>
The source address of the packets. You can specify a single host, a
subnet, or all sources. The following are the valid formats for
specifying the source:
<ip-addr>/
<prefix>
An IPv4 address, followed by a
forward slash, then the prefix length.
This matches any source IP address
within the specified subnet.
any
Matches any source IP address.
<sourceport>
The source port number, specified as an integer between 0 and
65535.