3Com 10014299 Network Router User Manual


 
550 CHAPTER 39: CONFIGURING FIREWALL
acl acl-number [ match-order config | auto ]
rule { normal | special } { permit | deny } [ source source-addr
source-wildcard | any ]
Extended access control list
acl acl-number [ match-order config | auto ]
rule { normal | special } { permit | deny } protocol-number [ source
source-addr source-wildcard | any ] [ source-port operator port1 [
port2 ] ] [ destination dest-addr dest-wildcard | any ]
[ destination-port operator port1 [ port2 ] ] [ icmp-type icmp-type
icmp-code ] [ logging ]
protocol-number is the protocol carried by IP, given either as a name or as a
number. The number ranges from 0 to 255; the names accepted are icmp, igmp, ip,
tcp, udp, gre and ospf.
Because the qualifiers that apply depend on the protocol, the command can also be
written in the following protocol-specific forms.
1 Command format when the protocol is ICMP:
rule { normal | special } { permit | deny } icmp [ source source-addr
source-wildcard | any ] [ destination dest-addr dest-wildcard | any ]
[ icmp-type icmp-type icmp-code ] [ logging ]
2 Command format when the protocol is IGMP, IP, GRE or OSPF:
rule { normal | special } { permit | deny } { ip | ospf | igmp | gre }
[ source source-addr source-wildcard | any ] [ destination dest-addr
dest-wildcard | any ] [ logging ]
3 Command format when the protocol is TCP or UDP:
rule { normal | special } { permit | deny } { tcp | udp } [ source
source-addr source-wildcard | any ] [ source-port operator port1 [
port2 ] ] [ destination dest-addr dest-wildcard | any ]
[ destination-port operator port1 [ port2 ] ] [ logging ]
Only the TCP and UDP protocols take a port or port-range qualifier. The
supported operators and their syntax are listed below.
Table 618 Operators of the Extended Access Control List
Operator and syntax              Meaning
equal portnumber                 Equal to 'portnumber'
greater-than portnumber          Greater than 'portnumber'
less-than portnumber             Less than 'portnumber'
not-equal portnumber             Not equal to 'portnumber'
range portnumber1 portnumber2    Between 'portnumber1' and 'portnumber2'
When specifying a port number, the following mnemonic symbols may be used in
place of the numeric value.