SmartWare Software Configuration Guide

24 • Access control list configuration

 

 

The same effect can also be obtained by using the simpler message name option. See the following example.

node(cfg)#profile acl WanRx node(pf-acl)[WanRX]#deny icmp any any msg echo node(pf-acl)[WanRX]#exit

node(cfg)#

Adding a TCP, UDP or SCTP filter rule to the current access control list profile

The commands permit or deny are used to define a TCP, UDP or SCTP filter rule. Each TCP, UDP or SCTP filter rule represents a respective access of control list entry.

This procedure describes how to create a TCP, UDP or SCTP access control list entry that permits access

Mode: Profile access control list

Step

Command

Purpose

 

 

 

1

node(pf-acl)[name]#permit {tcp udp sctp} {src src-wild-

Creates a TCP, UDP or SCTP

 

card any host src} [{eq port gt port lt port range

access of control list entry that

 

from to}] {dest dest-wildcard any host dest} [{eq port gt

permits access defined according

 

port lt port range from to}] [{cos group cos-rtp group-

to the command options

 

data group-ctrl}]

 

 

 

 

This procedure describes how to create a TCP, UDP or SCTP access control list entry that denies access Mode: Profile access control list

Step

Command

Purpose

 

 

 

1

node(pf-acl)[name]#deny {tcp udp sctp} {src src-

Creates a TCP, UDP or SCTP

 

wildcard any host src} [{eq port gt port lt port

access of control list entry that

 

range from to}] {dest dest-wildcard any host dest} [{eq

denies access defined according

 

port gt port lt port range from to}] [{cos group cos-

to the command options

 

rtp group-data group-ctrl}]

 

 

 

 

Access control list configuration task list

261

Page 261
Image 261
Patton electronic SmartNode 4110 Series manual Nodepf-acl name#permit tcp udp sctp src src-wild