Specifications
acl permit|deny udp
SSR Command Line Interface Reference Manual
<SrcPort> For TCP or UDP, the number of the source TCP or UDP port. This field
applies only to incoming TCP or UDP traffic. You can specify a range of
port numbers using operator symbols; for example, 10-20 (between 10
and 20 inclusive), >1024 (greater than 1024), <1024 (less than 1024),
!=1024 (not equal to 1024). The port numbers of some popular services
are already defined as keywords. For example, for Telnet, you can enter
the port number 23 as well as the keyword telnet.
<DstPort> For TCP or UDP, the number of the destination TCP or UDP port. This
field applies only to incoming TCP or UDP traffic. The same requirements
and restrictions for <SrcPort> apply to <DstPort>.
<tos> IP TOS (Type of Service) value. You can specify a TOS value from 0 – 15.
accounting Valid with the permit command only. This keyword causes LFAP
accounting information to be sent to the configured server for flows
that match the ACL.
Restrictions
When you apply an ACL to an interface, the SSR appends an implicit deny rule to that ACL.
The implicit deny rule denies all traffic. If you intend to allow all traffic that doesn’t
match your specified ACL rules to go through, you must explicitly define a rule to permit
all traffic.
Examples
Here are some examples of ACL commands for permitting and denying UDP traffic flows.

Creates an ACL to permit UDP traffic from the subnet 10.1.3.0 (with a 24 bit netmask) to
any destination.
ssr(config)# acl 100 permit udp 10.1.3.0/24 any

Creates an ACL to deny any incoming TFTP traffic.
ssr(config)# acl notftp deny udp any any tftp any

Creates an ACL to permit UDP based NFS traffic from subnet 10.12.0.0 to subnet 10.7.0.0.
ssr(config)# acl udpnfs permit udp 10.12.0.0/16 10.7.0.0/16 any nfs
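The port operators and the implicit deny rule described above can be checked offline before an ACL is applied to an interface. This Python model is an added example, not SSR code or part of the manual. It assumes rules are evaluated top-down with the first match winning, that omitted trailing port fields mean any, and that tftp and nfs map to the standard ports 69 and 2049; the <tos> field is not modelled.

```python
import ipaddress

# Port keywords: telnet=23 is from the manual; tftp=69 and nfs=2049 are the
# standard assignments (assumed to match the SSR's keyword table).
KEYWORDS = {"telnet": 23, "tftp": 69, "nfs": 2049}

def port_matches(spec, port):
    """Evaluate one <SrcPort>/<DstPort> field against a port number."""
    spec = str(KEYWORDS.get(spec, spec))
    if spec == "any":
        return True
    if spec.startswith("!="):
        return port != int(spec[2:])
    if spec.startswith(">"):
        return port > int(spec[1:])
    if spec.startswith("<"):
        return port < int(spec[1:])
    if "-" in spec:
        lo, hi = (int(p) for p in spec.split("-", 1))
        return lo <= port <= hi            # ranges are inclusive
    return port == int(spec)

def addr_matches(spec, addr):
    return spec == "any" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def parse_rule(line):
    """Parse 'acl <name> permit|deny udp <src> <dst> [<sport> [<dport>]]'."""
    tok = [t for t in line.split() if t != "accounting"]
    if tok[0] != "acl" or tok[2] not in ("permit", "deny") or tok[3] != "udp":
        raise ValueError("not a UDP ACL rule: " + line)
    fields = tok[4:] + ["any"] * 4         # omitted fields treated as any (assumption)
    return tok[2], fields[:4]

def evaluate(acl_lines, src, dst, sport, dport):
    """Return 'permit' or 'deny' for one UDP packet (first match wins: assumption)."""
    for line in acl_lines:
        action, (s, d, sp, dp) = parse_rule(line)
        if (addr_matches(s, src) and addr_matches(d, dst)
                and port_matches(sp, sport) and port_matches(dp, dport)):
            return action
    return "deny"                          # implicit deny appended by the SSR

# Constructed sample: the manual's deny rule alone, then with an explicit permit.
NOTFTP_ONLY = ["acl notftp deny udp any any tftp any"]
NOTFTP_OPEN = NOTFTP_ONLY + ["acl notftp permit udp any any"]
if __name__ == "__main__":
    print(evaluate(NOTFTP_ONLY, "10.1.1.1", "10.2.2.2", 5000, 53))
    print(evaluate(NOTFTP_OPEN, "10.1.1.1", "10.2.2.2", 5000, 53))
```

With only the deny rule, the unrelated UDP packet is still dropped by the implicit deny; it passes once the explicit permit rule follows the deny rule.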










