Owner's Manual

ManualsBrandsNetgear ManualsHubsNetgear XCM8806

301

302

303

304

305

306

307

308

309

310

Chapter 13. ACLs | 301

NETGEAR 8800 User Manual

entry <ACLrulename>{

if {

<match-conditions>;

} then {

<action>;

<action-modifiers>;

}

}

The following is an example of a rule entry:

entry udpacl {

if {

source-address 10.203.134.0/24;

destination-address 140.158.18.16/32;

protocol udp;

source-port 190;

destination-port 1200 - 1250;

} then {

permit;

}

}

An ACL rule is evaluated as follows:

• If the packet matches all the match conditions, the action and any action modifiers in the

then statement are taken.

• For ingress ACLs, if a rule entry does not contain any match condition, the packet is

considered to match and the action and any action modifiers in the rule entry’s

then

statement are taken. For egress ACLs, if a rule entry does not contain any match

condition, no packets will match. See

Matching All Egress Packets on page 302 for more

information.

• If the packet matches all the match conditions, and if there is no action specified in the

then statement, the action permit is taken by default.

• If the packet does not match all the match conditions, the action in the then statement is

ignored.

This section describes the following topics:

• Matching All Egress Packets on page 302

• Comments and Descriptions in ACL Policy Files on page 302

• Types of Rule Entries on page 303

• Match Conditions on page 303

• Actions on page 304

• Action Modifiers on page 304

• ACL Rule Syntax Details on page 306