Specifications
acl permit|deny ip-protocol
48 SSR Command Line Interface Reference Manual
Purpose
Create an ACL for any IP protocol type.
Format
acl <name> permit|deny ip-protocol <proto-num> <SrcAddr/Mask> <DstAddr/Mask> <tos>
Mode
Configure
Description
The acl permit ip-protocol and acl deny ip-protocol commands define an Access Control
List to allow or block IP traffic from entering or leaving the router for any protocol type.
Unlike the more specific variants of the acl commands such as ip, tcp and udp, the
ip-protocol version of the command allows the user to specify any valid IP protocol type.
This command allows the user to specify an IP protocol other than the ones available with
other acl permit|deny commands. For example, to specify an ACL for IP encapsulation in
IP, one can use the IPinIP protocol type, 4, in the ACL. For each of the values describing a
flow, you can use the keyword any to specify a wildcard (“don’t care”) condition. If you do
not specify a value for a field, the SSR assumes that the value is a wildcard (as if you had
specified the any keyword).
Parameters
<name> Name of this ACL. You can use a string of characters or a number.
<proto-num> IP protocol number of this flow.
<SrcAddr/Mask> The source address and the filtering mask of this flow. If the source
address is a network or subnet address, you must supply the filtering
mask. Generally, the filtering mask is the network mask of this network
or subnet. If the source address is that of a host, then no mask is
required. By default, if a mask is not supplied, the source address is
treated as that of a host. You can specify the mask using the traditional
IP address format (“255.255.0.0”) or the CIDR format (“/16”).
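
Added example (not from the SSR manual): a Python model of how one ip-protocol ACL entry is parsed and matched, covering the any wildcard, omitted fields, the host default when no mask is given, and both mask notations. It assumes the address and mask are joined by a slash in either notation and that <DstAddr/Mask> follows the same rules as the source field; <tos> is ignored, and the function names are hypothetical.

```python
import ipaddress

def parse_addr(field):
    """Network covered by an <Addr/Mask> field; None means wildcard."""
    if field is None or field == "any":
        return None          # omitted field or the 'any' keyword
    # Accepts "a.b.c.d", "a.b.c.d/16" and "a.b.c.d/255.255.0.0" (slash
    # separator is an assumption). No mask gives a /32: a single host.
    return ipaddress.ip_network(field, strict=False)

def parse_acl(line):
    """Parse: acl <name> permit|deny ip-protocol [<proto-num> [<Src> [<Dst>]]]"""
    tok = line.split()
    if (len(tok) < 4 or tok[0] != "acl" or tok[2] not in ("permit", "deny")
            or tok[3] != "ip-protocol"):
        raise ValueError("not an ip-protocol ACL entry: %r" % line)
    proto, src, dst = (tok[4:7] + [None] * 3)[:3]   # <tos> is ignored here
    proto = None if proto in (None, "any") else int(proto)
    if proto is not None and not 0 <= proto <= 255:
        raise ValueError("IP protocol number must fit in 8 bits")
    return {"name": tok[1], "action": tok[2], "proto": proto,
            "src": parse_addr(src), "dst": parse_addr(dst)}

def matches(rule, proto, src, dst):
    """True if a packet (protocol number, source, destination) hits the entry."""
    if rule["proto"] is not None and rule["proto"] != proto:
        return False
    for net, addr in ((rule["src"], src), (rule["dst"], dst)):
        if net is not None and ipaddress.ip_address(addr) not in net:
            return False
    return True

if __name__ == "__main__":
    # Constructed entries and packets, for illustration only.
    entry = parse_acl("acl 110 deny ip-protocol 4 10.1.0.0/16 any")
    for pkt in [(4, "10.1.200.7", "192.0.2.1"), (6, "10.1.200.7", "192.0.2.1"),
                (4, "10.2.0.1", "192.0.2.1")]:
        print(pkt, entry["action"] if matches(entry, *pkt) else "no match")
```

An entry written with a subnet address but no mask is parsed as a single host, so it matches far less traffic than the author probably intended.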










