Users Guide
• Use the no permit tcp {source address mask | any | host ipv6-address}
{destination address | any | host ipv6-address} command.
Parameters
source address
mask
Enter a network mask in /prex format (/x).
any Enter the keyword any to specify that all routes are subject to the lter.
host ipv6-address Enter the keyword host then the IP address to specify a host IP address.
destination address Enter the IPv6 address of the network or host to which the packets are sent.
bit Enter a ag or combination of bits:
• ack: acknowledgement eld
• fin: nish (no more data from the user)
• psh: push function
• rst: reset the connection
• syn: synchronize sequence numbers
• urg: urgent eld
operator (OPTIONAL) Enter one of the following logical operand:
• eq = equal to
• neq = not equal to
• gt = greater than
• lt = less than
• range = inclusive range of ports (you must specify two ports for the port parameter)
port port Enter the application layer port number. Enter two port numbers if you are using the
range logical operand. The range is from 0 to 65535.
The following list includes some common TCP port numbers:
• 23 = Telnet
• 20 and 21 = FTP
• 25 = SMTP
• 169 = SNMP
ttl Enter the keyword ttl to permit a packet based on the time to live value. The range is
from 1 to 255.
operator Enter one of the following logical operand:
• eq(equal to) — matches packets that contain a ttl value that is equal to the specied
ttl value.
• neq(not equal to) — matches packets that contain a ttl value that is not equal to the
specied ttl value.
•
gt(greater than) — matches packets that contain a ttl value that is greater than the
specied ttl value.
• lt (less than) — matches packets that contain a ttl value that is less than the
specied ttl value.
• range(inclusive range of values) — matches packets that contain a ttl value that
falls between the specied range of ttl values.
Access Control Lists (ACL) 349