SSR Command Line Interface Reference Manual
acl permit|deny tcp
Purpose
Create a TCP ACL.
Format
acl <name> permit|deny tcp <SrcAddr/Mask> <DstAddr/Mask> <SrcPort> <DstPort> <tos> [accounting][established]
Mode
Configure
Description
The acl permit tcp and acl deny tcp commands define an ACL to allow or block TCP
traffic from entering or leaving the SSR. For each of the values describing a flow, you can
use the keyword any to specify a wildcard (“don’t care”) condition. If you do not specify a
value for a field, the SSR applies a wildcard condition to the field, giving the same effect
as if you specify the any keyword. The two exceptions to this rule are the optional
parameters <tos> (type of service) and accounting. <tos> is a value from 0 to 15. The
accounting keyword is only valid for the permit command, and can be placed anywhere
on the command line. When you specify the accounting keyword, LFAP accounting
information will be sent to the configured server for flows that match the ACL.
Parameters
<name> Is the name of this ACL. You can use a string of characters or a number.
<SrcAddr/Mask> Is the source address and the filtering mask of this flow. If the source
address is a network or subnet address, you must supply the filtering
mask. Generally, the filtering mask is the network mask of this network
or subnet. If the source address is that of a host, then no mask is
required. By default, if a mask is not supplied, the source address is
treated as that of a host. You can specify the mask using the traditional
IP address format (“255.255.0.0”) or the CIDR format (“/16”).
<DstAddr/Mask> Is the destination address and the filtering mask of this flow. The same
requirements and restrictions for <SrcAddr/Mask> apply to
<DstAddr/Mask>.
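
Added example (not part of the SSR manual): a Python model of the address/mask rules above, showing that a subnet address entered without a mask matches only the single host with that address. The function names, the "addr/255.255.0.0" spelling for a dotted mask, the handling of host bits under the mask, and the sample addresses are assumptions made for illustration.

```python
import ipaddress

def parse_addr_field(field=None):
    """Return the IPv4Network an <Addr/Mask> field selects, or None for a wildcard."""
    # An omitted field and the keyword "any" are both wildcards.
    if field is None or field == "any":
        return None
    # No mask supplied: the address is treated as a single host (/32).
    if "/" not in field:
        return ipaddress.ip_network(field + "/32")
    # ip_network accepts both "/16" and "/255.255.0.0".
    # Assumption: host bits set under the mask are ignored (strict=False).
    return ipaddress.ip_network(field, strict=False)

def field_matches(field, packet_addr):
    """True if packet_addr falls inside the flow described by field."""
    net = parse_addr_field(field)
    return net is None or ipaddress.ip_address(packet_addr) in net

def acl_matches(src_field, dst_field, src_ip, dst_ip):
    """True if both address fields of an ACL line match a packet."""
    return field_matches(src_field, src_ip) and field_matches(dst_field, dst_ip)

def looks_like_missing_mask(field):
    """Heuristic review check: no mask, but the address ends in .0."""
    if field in (None, "any") or "/" in field:
        return False
    return field.endswith(".0")

if __name__ == "__main__":
    # Constructed sample fields and a constructed packet address.
    for field in ("any", "10.1.0.0/16", "10.1.0.0/255.255.0.0", "10.1.0.0", "10.1.0.5"):
        print(f"{field!r:24} selects {parse_addr_field(field)}, "
              f"matches 10.1.200.7: {field_matches(field, '10.1.200.7')}, "
              f"review: {looks_like_missing_mask(field)}")
```

Running looks_like_missing_mask over the address fields of an existing ACL set is a quick way to find deny or permit lines that were meant to cover a subnet but cover one host.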