Reference Guide
Access Control Lists (ACL) | 205
deny tcp
c e s
Configure a filter that drops TCP packets meeting the filter criteria.
Syntax
deny tcp {source mask | any | host ip-address} [bit] [operator port [port]] {destination mask | any |
host ip-address} [dscp] [bit] [operator port [port]] [count [byte] | log] [order] [monitor] [fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command syntax if you know the filter’s sequence number, or
• Use the no deny tcp {source mask | any | host ip-address} {destination mask | any | host ip-address} command.
Table 7-2. ICMP Message Type Keywords
Keyword                 ICMP Message Type Name
redirect                All redirects
router-advertisement    Router discovery advertisements
router-solicitation     Router discovery solicitations
source-quench           Source quenches
source-route-failed     Source route failed
time-exceeded           All time exceeded
timestamp-reply         Timestamp replies
timestamp-request       Timestamp requests
traceroute              Traceroute
ttl-exceeded            TTL exceeded
unreachable             All unreachables

Parameters
source             Enter the IP address of the network or host from which the packets were sent.
mask               Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when specified
                   in A.B.C.D format, may be either contiguous or non-contiguous.
any                Enter the keyword any to specify that all routes are subject to the filter.
host ip-address    Enter the keyword host followed by the IP address to specify a host IP address.
dscp               Enter this keyword to deny a packet based on DSCP value.
                   Range: 0-63
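
The following is an added example, not part of the reference guide or of the switch software: a Python sketch for checking, while reviewing an ACL, which addresses a {source mask | any | host ip-address} group covers, including a non-contiguous A.B.C.D mask. It assumes the mask is a network mask whose 1-bits are the bits compared, and that the /x form may be written either attached to the address or as a separate token; the function names and sample addresses are constructed for illustration.

```python
import ipaddress

FULL = 0xFFFFFFFF

def to_int(addr):
    """Dotted-quad string -> 32-bit integer (raises ValueError on bad input)."""
    return int(ipaddress.IPv4Address(addr))

def parse_addr_spec(spec):
    """Parse one {source mask | any | host ip-address} group into (address, mask)."""
    tokens = spec.split()
    head = tokens[0]
    if head == "any":                        # no bits compared: every address matches
        return 0, 0
    if head == "host":                       # all 32 bits compared
        return to_int(tokens[1]), FULL
    if "/" in head:                          # assumed form: A.B.C.D/x
        addr, _, plen = head.partition("/")
        mask_tok = "/" + plen
    else:                                    # A.B.C.D followed by /x or A.B.C.D
        addr, mask_tok = head, tokens[1]
    if mask_tok.startswith("/"):
        plen = int(mask_tok[1:])
        if not 0 <= plen <= 32:
            raise ValueError("prefix length out of range: " + mask_tok)
        mask = (FULL << (32 - plen)) & FULL
    else:
        mask = to_int(mask_tok)              # A.B.C.D mask, may be non-contiguous
    return to_int(addr), mask

def is_contiguous(mask):
    """True when the 1-bits of a network mask form a single leading run."""
    inv = ~mask & FULL
    return (inv & (inv + 1)) == 0

def matches(spec, addr):
    """True when addr agrees with the spec on every bit the mask selects."""
    value, mask = parse_addr_spec(spec)
    return (to_int(addr) & mask) == (value & mask)

if __name__ == "__main__":
    # Constructed sample: the third octet is ignored by the non-contiguous mask.
    spec = "10.0.0.5 255.255.0.255"
    for ip in ("10.0.77.5", "10.0.77.6", "10.1.77.5"):
        print(spec, "covers", ip, "->", matches(spec, ip))
```

A non-contiguous mask such as 255.255.0.255 covers one host address in each of 256 /24 networks, which is easy to misread in a rule review; is_contiguous flags such masks for a second look.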










