Specifications
set security acl
Chapter 14
Security ACL Commands
460
3. deny SRC source IP 192.168.1.234 255.255.255.255 enable-hits
PROMPT# rollback security acl acl_122
PROMPT# show security acl info all editbuffer
ACL edit-buffer information for all
See Also
show security acl on page 470
set security acl
In the edit buffer, creates a security access control list (ACL), adds one access
control entry (ACE) to a security ACL, and/or reorders ACEs in the ACL. The
ACEs in an ACL filter IP packets by source IP address, a Layer 4 protocol, or IP,
ICMP, TCP, or UDP packet information.
Syntax
By source address
set security acl ip acl-name {permit [cos cos] | deny} {source-ip-addr mask |
any} [before editbuffer-index | modify editbuffer-index] [hits]
By Layer 4 protocol
set security acl ip acl-name {permit [cos cos] | deny} protocol-number
{source-ip-addr mask | any} {destination-ip-addr mask | any}
[[precedence precedence][tos tos] | [dscp codepoint]]
[before editbuffer-index | modify editbuffer-index] [hits]
By IP packets
set security acl ip acl-name {permit [cos cos] | deny} ip {source-ip-addr mask |
any} {destination-ip-addr mask | any} [[precedence precedence][tos tos] | [dscp
codepoint]] [before editbuffer-index | modify editbuffer-index] [hits]