Specifications
18-8 VNS Commands (vnsmode)
• config
• delete
• move
18.4.3.1 create
Usethecreatecommandtocreate,insert,orappendanewfilterruleintoanACfilterlistfor the
default‐policy.Thecreatecommandisaccessiblefromwithinthevnsmode:default‐
policy:acfilterscontext.
Ifadvancedfiltermodehasbeenenabledwiththeenable‐advance‐filteringcommand(page20‐3),
theAdvanced
modesyntaxispresented.Ifadvancedfiltermodeisnotenabled,theBasicmode
syntaxispresented.
Syntax
Basic mode sytax:
create <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)
[(port <port> [<port>]) | (type <type> [<type>])] in (none|dst) out (none|src)
(allow | deny)
Advanced mode syntax:
create <pos> proto <protocol> (<ipaddress/mask> | interface-subnet | interface-ip)
[(port <port> [<port>]) | (type <type> [<type>])] in (none|src|dst|both) out
(none|src|dst|both) (allow | deny)
Parameters
<pos> Specifiesapositionvalueforthisfilterinthefilterlist.Validvaluesare
from0‐255.
proto<protocol> Specifiestheprotocolforthisfilterrulebynumberorname.Valid
numbervaluesarefrom0‐255.Validnamevaluesare:
• udp - UDP protocol
• tcp - TCP protocol
• ah - Authentication Header protocol
• esp - Encapsulating Security Payload protocol
• all - All protocols
• icmp - ICMP protocol
• gre - Generic Route Encapsulation protocol
<ipaddress/mask> SpecifiesanIPaddressandmaskforthisfilterrule.
interface‐subnet Specifiestha ttheIPaddressandmaskconfiguredfortheassociated
topologywillbeusedforthisfilterrule.
interface‐ip SpecifiestheIPaddressoftheassociatedtopologywillbeusedforthis
filterrule.
port<port>
[<port>]
SpecifiesaTCPor
UDPportorportrangetowhichthisfilterrulewill
beapplied.Thefirstvaluespecifieseithertheportorthestartofaport
range.Thesecondvalueoptionallyspecifiestheendofarange.This
parameterisonlyvalidwheneitherTCPorUDPisthespecified
protocol.Validportvaluesarefrom0‐65535.