permit
Configure a permit rule. A permit rule excludes the matching packets from PBR classification and routes
them using conventional routing.
S4820T
Syntax permit {ip-protocol-number | protocol-type} {source mask | any
| host ip-address} {destination mask | any | host ip-address}
[bit] [operators]
To remove the rule, use one of the following:
• If you know the filter sequence number, use the no seq sequence-number
syntax command.
• You can also use the no permit {ip-protocol-number | protocol-
type} {source mask | any | host ip-address} {destination
mask | any | host ip-address} [bit] [operators] command.
Parameters ip-protocol-
number
Enter a number from 0 to 255 for the protocol identified in
the IP protocol header.
protocol-type Enter one of the following keywords as the protocol type:
•icmp for internet control message protocol
•ip for any internet protocol
•tcp for transmission control protocol
•udp for user datagram protocol
source Enter the IP address of the network or host from which the
packets were sent.
mask Enter a network mask in /prefix format (/x).
any Enter the keyword any to specify that all traffic is subject to
the filter.
host ip-address Enter the keyword host then he IP address to specify a host
IP address.
destination Enter the IP address of the network or host to which the
packets are sent.
bit (OPTIONAL) For the TCP protocol type only, enter one or a
combination of the following TCP flags:
•ack = acknowledgement
•fin = finish (no more data from the user)
•psh = push function
•rst = reset the connection
•syn = synchronize sequence number
Policy-based Routing (PBR) 1383