firewall disable             Disable global packet filtering function
(2) Configure default action.
Command                      Explanation
Global Mode
firewall default permit      Set default action to “permit”
firewall default deny        Set default action to “deny”
3. Bind access-list to a specific direction of the specified port.
Command                               Explanation
Physical Interface Mode
ip access-group <name> {in|out}       Apply an access list to the specified direction
no ip access-group <name> {in|out}    on the port; the “no ip access-group <name>
                                      {in|out}” command deletes the access list
                                      bound to the port.
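
An added example, not part of the manual: a Python check that reads a saved configuration and reports the state left by the commands above (firewall disable, firewall default, ip access-group and its no form). The "interface <port>" header lines, the port and list names in the sample, and the policy of flagging a non-"deny" default or a port with no inbound list are assumptions.

```python
import re

# Constructed sample (not from the manual). The "interface <port>" header
# lines are an assumed way of entering Physical Interface Mode.
SAMPLE_CONFIG = """\
firewall default permit
interface port-a
 ip access-group edge-in in
interface port-b
 ip access-group edge-in in
 no ip access-group edge-in in
interface port-c
 ip access-group edge-out out
"""

BIND = re.compile(r"^(no\s+)?ip\s+access-group\s+(\S+)\s+(in|out)$")

def audit(config_text):
    """Return (findings, bindings) for the firewall/ACL commands above."""
    default_action = None   # last "firewall default ..." line wins
    disabled = False        # set by "firewall disable"
    bindings = {}           # port -> {direction: access-list name}
    port = None
    for raw in config_text.splitlines():
        line = raw.strip()
        if line.startswith("interface "):      # assumed mode header
            port = line.split(None, 1)[1]
            bindings.setdefault(port, {})
        elif line == "firewall disable":
            disabled = True
        elif line in ("firewall default permit", "firewall default deny"):
            default_action = line.split()[-1]
        elif port and (m := BIND.match(line)):
            negated, name, direction = m.groups()
            if not negated:
                bindings[port][direction] = name
            elif bindings[port].get(direction) == name:
                del bindings[port][direction]   # "no" form removes the binding
    findings = []
    if disabled:
        findings.append("global packet filtering is disabled")
    if default_action != "deny":
        findings.append(f"default action is {default_action or 'not set'}")
    for p, bound in bindings.items():
        if "in" not in bound:
            findings.append(f"{p}: no access list bound inbound")
    return findings, bindings
```
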
9.2.2 ACL Configuration Commands

9.2.2.1 access-list(extended)

Command: access-list <num> {deny | permit} icmp {{<sIpAddr> <sMask>} |
any-source | {host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [<icmp-type> [<icmp-code>]] [precedence <prec>]
[tos <tos>]
access-list <num> {deny | permit} igmp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [<igmp-type>] [precedence <prec>] [tos <tos>]
access-list <num> {deny | permit} tcp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [d-port <dPort>] [ack | fin | psh | rst | syn | urg]
[precedence <prec>] [tos <tos>]
access-list <num> {deny | permit} udp {{<sIpAddr> <sMask>} | any-source |
{host-source <sIpAddr>}} [s-port <sPort>] {{<dIpAddr> <dMask>} | any-destination |
{host-destination <dIpAddr>}} [d-port <dPort>] [precedence <prec>] [tos <tos>]
access-list <num> {deny | permit} {eigrp | gre | igrp | ipinip | ip | <int>}
{{<sIpAddr> <sMask>} | any-source | {host-source <sIpAddr>}} {{<dIpAddr>
<dMask>} | any-destination | {host-destination <dIpAddr>}} [precedence <prec>]