SSR Command Line Interface Reference Manual 45
acl permit|deny ip
Purpose
Create an IP ACL.
Format
acl <name> permit|deny ip <SrcAddr/Mask> <DstAddr/Mask> <SrcPort> <DstPort> <tos> [accounting]
Mode
Configure
Description
The acl permit ip and acl deny ip commands define an Access Control List to allow or
block IP traffic from entering or leaving the router. Unlike the more specific variants of the
acl commands for tcp and udp, the IP version of the command includes IP-based
protocols such as tcp, udp, icmp and igmp. For each of the values describing a flow, you
can use the keyword any to specify a wildcard (“don’t care”) condition. If you do not
specify a value for a field, the SSR assumes that the value is a wildcard (as if you had
specified the any keyword). The two exceptions to this rule are the optional parameters
<tos> (type of service) and accounting. <tos> is a value from 0 to 15. The accounting
keyword is only valid for the permit command, and can be placed anywhere on the
command line. When you specify the accounting keyword, LFAP accounting information
will be sent to the configured server for flows that match the ACL.
Parameters
<name>
    Name of this ACL. You can use a string of characters or a number.
<SrcAddr/Mask>
    The source address and the filtering mask of this flow. If the source
    address is a network or subnet address, you must supply the filtering
    mask. Generally, the filtering mask is the network mask of this network
    or subnet. If the source address is that of a host then no mask is
    required. By default, if a mask is not supplied, the source address is
    treated as that of a host. You can specify the mask using the traditional
    IP address format (“255.255.0.0”) or the CIDR format (“/16”).
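
The defaulting rules in the Description and the <SrcAddr/Mask> entry, as an added example that is not part of the SSR manual: a Python parser for the command that reports which flow fields were omitted and therefore act as wildcards, so that permit rules broader than intended can be caught in review. It assumes the mask follows a slash in both notations and that <tos> is always numeric, keeps port values as opaque strings because their syntax is not defined in this section, and the names parse_ip_acl, audit and SAMPLE are hypothetical.

```python
import ipaddress

POSITIONAL = ("src", "dst", "sport", "dport", "tos")

def _addr(value):
    # No mask means a host (/32); dotted masks and CIDR lengths are both accepted.
    return "any" if value == "any" else str(ipaddress.IPv4Interface(value))

def parse_ip_acl(line):
    """Parse one 'acl <name> permit|deny ip ...' line into a dict."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "acl" or tok[2] not in ("permit", "deny") or tok[3] != "ip":
        raise ValueError("expected: acl <name> permit|deny ip ...")
    name, action, rest = tok[1], tok[2], tok[4:]
    # 'accounting' may appear anywhere on the line, but only with permit.
    accounting = "accounting" in rest
    if accounting and action == "deny":
        raise ValueError("accounting is only valid with permit")
    rest = [t for t in rest if t != "accounting"]
    if len(rest) > len(POSITIONAL):
        raise ValueError("too many fields")
    given = dict(zip(POSITIONAL, rest))
    # Flow fields left off the line are wildcards, as if 'any' had been typed.
    implicit = [f for f in POSITIONAL[:4] if f not in given]
    tos = given.get("tos")          # optional; not defaulted to a wildcard
    if tos is not None:
        tos = int(tos)
        if not 0 <= tos <= 15:
            raise ValueError("tos must be 0..15")
    return {
        "name": name, "action": action, "tos": tos, "accounting": accounting,
        "src": _addr(given.get("src", "any")),
        "dst": _addr(given.get("dst", "any")),
        "sport": given.get("sport", "any"),   # opaque: syntax not defined here
        "dport": given.get("dport", "any"),
        "implicit_any": implicit,
    }

def audit(lines):
    """Return (name, omitted fields) for permit rules broadened by omission."""
    rules = [parse_ip_acl(l) for l in lines]
    return [(r["name"], r["implicit_any"]) for r in rules
            if r["action"] == "permit" and r["implicit_any"]]

# Constructed sample rules (not taken from the manual).
SAMPLE = ["acl 101 permit ip 10.1.0.0/255.255.0.0 192.0.2.10 any 80",
          "acl 101 permit ip 10.1.0.0/16 accounting",
          "acl 101 deny ip any any"]
```

Running audit(SAMPLE) flags only the second rule: it names a source network and nothing else, so destination and both ports are wildcards.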