User guide

16-14 ExtremeWare Software User Guide
Access Policies
The exact command line entry for this example is as follows:
create access-list telnet-allow tcp destination 10.10.10.100/32 ip-port 23 source any ip-port any permit-established ports any pre 8
This rule has a higher precedence than the rule tcp2.
Figure 16-5 shows the final outcome of this access list.
Figure 16-5: Permit-established access list filters out SYN packet to destination
EXAMPLE 2: FILTER ICMP PACKETS
This example creates an access list that filters out ping (ICMP echo) packets. ICMP echo
packets are defined as type 8 code 0.
The command line syntax to create this access list is as follows:
create access-list denyping icmp destination any source any type 8 code 0 deny ports any
The output for this access list is shown in Figure 16-6.
[Figure EW_037: hosts 10.10.10.100 and 10.10.20.100, SYN packets]
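
The effect of the two rules above on individual packets can be modelled in Python. This is an added example, not ExtremeWare code or switch output. It assumes that permit-established drops matching TCP packets with SYN set and ACK clear (consistent with the Figure 16-5 caption), that packets matching no rule are forwarded, and that the sample packets are constructed.

```python
import ipaddress

# Rules transcribed from the two commands on this page ("source any" and
# source "ip-port any" match everything, so they are not modelled).
RULES = [
    {"name": "telnet-allow", "proto": "tcp", "dst": "10.10.10.100/32",
     "dst_port": 23, "action": "permit-established"},
    {"name": "denyping", "proto": "icmp", "dst": "0.0.0.0/0",
     "icmp_type": 8, "icmp_code": 0, "action": "deny"},
]

def matches(rule, pkt):
    """True when the packet falls inside the rule's match fields."""
    if rule["proto"] != pkt["proto"]:
        return False
    if ipaddress.ip_address(pkt["dst"]) not in ipaddress.ip_network(rule["dst"]):
        return False
    if rule["proto"] == "tcp":
        return pkt["dst_port"] == rule["dst_port"]
    return (pkt["icmp_type"], pkt["icmp_code"]) == (rule["icmp_type"], rule["icmp_code"])

def evaluate(pkt, rules=RULES):
    """Return (verdict, matching rule name) for one packet."""
    for rule in rules:
        if not matches(rule, pkt):
            continue
        if rule["action"] == "permit-established":
            # Assumption: only session-opening packets (SYN set, ACK clear) are dropped.
            opening = "SYN" in pkt["flags"] and "ACK" not in pkt["flags"]
            return ("drop" if opening else "forward", rule["name"])
        return ("drop" if rule["action"] == "deny" else "forward", rule["name"])
    return ("forward", None)  # assumption: no default deny rule is configured

# Constructed sample packets (not captured traffic).
SAMPLES = {
    "telnet SYN": {"proto": "tcp", "dst": "10.10.10.100", "dst_port": 23, "flags": {"SYN"}},
    "telnet ACK": {"proto": "tcp", "dst": "10.10.10.100", "dst_port": 23, "flags": {"ACK"}},
    "http SYN": {"proto": "tcp", "dst": "10.10.10.100", "dst_port": 80, "flags": {"SYN"}},
    "echo request": {"proto": "icmp", "dst": "10.10.20.100", "icmp_type": 8, "icmp_code": 0},
    "echo reply": {"proto": "icmp", "dst": "10.10.20.100", "icmp_type": 0, "icmp_code": 0},
}

def run_samples():
    return {name: evaluate(pkt) for name, pkt in SAMPLES.items()}

if __name__ == "__main__":
    for name, result in run_samples().items():
        print(f"{name:13} -> {result}")
```

The "http SYN" and "echo reply" cases show that each rule is narrower than it may look: telnet-allow only constrains port 23 on 10.10.10.100, and denyping leaves ICMP types other than 8 untouched.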