Owner's Manual

Chapter 13. ACLs | 323
NETGEAR 8800 User Manual
} then {
deny;
count icmpcnt;
}
}
The following example prevents TCP connections from being established from the
10.10.20.0/24 subnet, but allows established connections to continue, and allows TCP
connections to be established to that subnet. A TCP connection is established by sending a
TCP packet with the SYN flag set, so this example blocks TCP SYN packets. This example
emulates the behavior of the NETGEAR 8800 permit-established ACL command:
entry permit-established {
if {
source-address 10.10.20.0/24;
protocol TCP;
tcp-flags syn;
} then {
deny;
}
}
The following entry denies every packet and increments the counter named default (an empty if block matches all packets):
entry default {
if {
} then {
deny;
count default;
}
}
The following entry permits only those packets with destination MAC addresses whose first
32 bits match 00:01:02:03:
entry rule1 {
if {
ethernet-destination-address 00:01:02:03:01:01 ff:ff:ff:ff:00:00;
} then {
permit;
}
}
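To show how the three entries above (permit-established, rule1 and default) behave together, here is an added Python evaluator for this policy-file syntax. It is example code written for this page, not NETGEAR or ExtremeXOS software, and it assumes two things the manual does not state here: entries are evaluated in file order with the first full match deciding, and a packet that matches no entry is permitted. The policy text and the sample packets are constructed; the established-connection packet carries only the ACK flag so that tcp-flags syn cannot match it.

```python
"""Toy parser and first-match evaluator for ACL policy entries of the form used on this page.
Added example code; the policy order, packets and default-permit behaviour are assumptions."""
import ipaddress
import re
from dataclasses import dataclass

TOKEN_RE = re.compile(r"[{};]|[^\s{};]+")  # braces and semicolons are their own tokens


@dataclass
class Entry:
    name: str
    conditions: list  # each condition is a token list, e.g. ["source-address", "10.10.20.0/24"]
    actions: list     # each action is a token list, e.g. ["count", "default"]


def parse_policy(text):
    """Parse 'entry NAME { if { ... } then { ... } }' blocks into Entry objects."""
    toks = TOKEN_RE.findall(text)

    def block(i):
        # i points at '{'; returns (list of ';'-terminated statements, index after '}')
        assert toks[i] == "{", f"expected '{{' at token {i}"
        stmts, cur, i = [], [], i + 1
        while toks[i] != "}":
            if toks[i] == ";":
                stmts.append(cur)
                cur = []
            else:
                cur.append(toks[i])
            i += 1
        return stmts, i + 1

    entries, i = [], 0
    while i < len(toks):
        assert toks[i] == "entry" and toks[i + 2] == "{" and toks[i + 3] == "if"
        name = toks[i + 1]
        conds, i = block(i + 4)
        assert toks[i] == "then"
        acts, i = block(i + 1)
        assert toks[i] == "}"
        entries.append(Entry(name, conds, acts))
        i += 1
    return entries


def cond_matches(cond, pkt):
    """Evaluate one match condition against a packet dict."""
    key, args = cond[0], cond[1:]
    if key in ("source-address", "destination-address"):
        addr = pkt["src_ip" if key == "source-address" else "dst_ip"]
        return ipaddress.ip_address(addr) in ipaddress.ip_network(args[0])
    if key == "protocol":
        return pkt["protocol"].lower() == args[0].lower()
    if key == "tcp-flags":
        return args[0].lower() in pkt.get("tcp_flags", set())
    if key == "ethernet-destination-address":
        value, mask = (int(a.replace(":", ""), 16) for a in args)  # MAC plus bit mask
        return int(pkt["dst_mac"].replace(":", ""), 16) & mask == value & mask
    raise ValueError(f"unsupported match condition: {key}")


def evaluate(entries, pkt, counters):
    """First entry whose conditions all match decides (an empty if block matches everything).
    Assumption: a packet matching no entry is permitted."""
    for e in entries:
        if all(cond_matches(c, pkt) for c in e.conditions):
            verdict = "permit"
            for act in e.actions:
                if act[0] in ("permit", "deny"):
                    verdict = act[0]
                elif act[0] == "count":
                    counters[act[1]] = counters.get(act[1], 0) + 1
            return verdict, e.name
    return "permit", None


# Constructed policy: the page's three entries, in the order assumed here.
POLICY = """
entry permit-established {
    if { source-address 10.10.20.0/24; protocol TCP; tcp-flags syn; } then { deny; }
}
entry rule1 {
    if { ethernet-destination-address 00:01:02:03:01:01 ff:ff:ff:ff:00:00; } then { permit; }
}
entry default {
    if { } then { deny; count default; }
}
"""


def run_samples():
    """Run four constructed packets through the policy; returns ({name: (verdict, entry)}, counters)."""
    entries = parse_policy(POLICY)
    counters = {}
    packets = {
        "syn_from_subnet": dict(src_ip="10.10.20.5", dst_ip="192.0.2.10", protocol="tcp",
                                tcp_flags={"syn"}, dst_mac="00:01:02:03:aa:bb"),
        "established_from_subnet": dict(src_ip="10.10.20.5", dst_ip="192.0.2.10", protocol="tcp",
                                        tcp_flags={"ack"}, dst_mac="00:01:02:03:aa:bb"),
        "syn_to_subnet": dict(src_ip="192.0.2.10", dst_ip="10.10.20.5", protocol="tcp",
                              tcp_flags={"syn"}, dst_mac="00:01:02:03:00:01"),
        "other_mac": dict(src_ip="192.0.2.10", dst_ip="198.51.100.7", protocol="udp",
                          tcp_flags=set(), dst_mac="00:01:02:04:00:00"),
    }
    results = {name: evaluate(entries, pkt, counters) for name, pkt in packets.items()}
    return results, counters


if __name__ == "__main__":
    res, cnt = run_samples()
    for name, (verdict, entry) in res.items():
        print(f"{name:24s} -> {verdict:6s} (entry {entry})")
    print("counters:", cnt)
```

Running it shows the SYN from 10.10.20.0/24 denied by permit-established, the ACK-only packet from the same subnet and the SYN toward the subnet both falling through to rule1 (their destination MACs share the first 32 bits 00:01:02:03), and the packet to a different MAC reaching the default entry, which denies it and bumps the default counter.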
The following entry denies IPv6 packets from source addresses in the 2001:db8:c0a8::/48
subnet that are sent to destination addresses in the 2001:db8:c0a0:1234::/64 subnet:
entry ipv6entry {
if {