Reference v4.1.0 Instruction Manual
Network OS Command Reference 645
53-1003115-01
seq (extended IP ACLs)
Inserts a rule anywhere in the IP ACL.
Synopsis seq seq-value {permit | deny | hard-drop} ip-protocol {any | SIP mask | host SIP} [{eq | gt | lt |
neq | range} sport number] {any | DIP mask | host DIP} [{eq | gt | lt | neq | range} dport number]
[dscp value] [ack fin rst sync urg psh] [count] [log]
no seq seq-value {permit | deny | hard-drop} ip-protocol {any | SIP mask | host SIP} [{eq | gt | lt |
neq | range} sport number] {any | DIP mask | host DIP} [{eq | gt | lt | neq | range} dport number]
[dscp value] [ack fin rst sync urg psh] [count] [log]
Operands seq-value Specifies the sequence number for the rule. Valid values range from 0
through 65535.
permit Specifies rules to permit traffic.
deny Specifies rules to deny traffic.
hard-drop Overrides the trap behavior for control frames and data frames such as
echo request (ping). See the Usage Guidelines.
ip-protocol Indicates the type of IP packet you are filtering. You can specify a
well-known name for any protocol whose number is less than 255;
otherwise, any decimal number may be entered.
any Specifies any source IP address.
host Source_IP_ADDRESS
Specifies the source host IP address for which to set permit or deny
conditions.
Source_IP_mask Specifies the source host IP address for which to set permit or deny
conditions. The address can also be entered as an IP address, or an
IP address with a mask. The mask value can be entered in Classless
Interdomain Routing (CIDR) format, or in wildcard mask format.
For example, the following two entries yield the same results. The CIDR
equivalent of “209.157.22.26 0.0.0.255” is “209.157.22.26/24”.
In wildcard format, you can mask for any bit. For example, 0.255.0.255
is valid.
source_port_number This field is only valid when the ip-protocol has been specified as UDP or
TCP. The keyword “operator” defines how to apply the sport numbers that
follow.
eq The policy applies to the TCP or UDP port name or number you enter
after eq.
gt The policy applies to TCP or UDP port numbers greater than the port
number or the numeric equivalent of the port name you enter after gt.
lt The policy applies to TCP or UDP port numbers that are less than the port
number or the numeric equivalent of the port name you enter after lt.
neq The policy applies to all TCP or UDP port numbers except the port number
or port name you enter after neq.
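The following is an added example, not part of the manual or of Network OS: a Python sketch of how the source address forms (any, host, CIDR, wildcard mask) and the eq, gt, lt and neq port operators described above select packets, useful for checking what a rule covers before applying it. The function names are hypothetical, ports are taken as numbers only (port names are not resolved), and the 10.x addresses are constructed sample values.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _ip(text):
    return int(ipaddress.IPv4Address(text))

def parse_source(spec):
    """Return (base, care_bits) for 'any', 'host A', 'A/len' or 'A wildcard'."""
    parts = spec.split()
    if parts == ["any"]:
        return 0, 0                      # no bit is compared
    if len(parts) == 2 and parts[0] == "host":
        return _ip(parts[1]), FULL       # every bit is compared
    if len(parts) == 1 and "/" in parts[0]:
        addr, plen = parts[0].split("/")
        if not 0 <= int(plen) <= 32:
            raise ValueError("bad prefix length: " + plen)
        return _ip(addr), (FULL << (32 - int(plen))) & FULL
    if len(parts) == 2:
        # Wildcard mask: a 1 bit means "ignore this bit", so invert it.
        return _ip(parts[0]), ~_ip(parts[1]) & FULL
    raise ValueError("unsupported source spec: " + spec)

def source_matches(spec, packet_ip):
    base, care = parse_source(spec)
    return ((_ip(packet_ip) ^ base) & care) == 0

def wildcard_prefix_len(wildcard):
    """Prefix length if the wildcard mask is contiguous, else None."""
    w = _ip(wildcard)
    if w & (w + 1):                      # not a solid run of low-order 1 bits
        return None
    return 32 - w.bit_length()

PORT_OPS = {
    "eq": lambda port, n: port == n,
    "gt": lambda port, n: port > n,
    "lt": lambda port, n: port < n,
    "neq": lambda port, n: port != n,
}

def port_matches(op, number, packet_port):
    return PORT_OPS[op](packet_port, number)

if __name__ == "__main__":
    # Constructed sample: the page's two equivalent entries plus a non-contiguous mask.
    for spec in ("209.157.22.26 0.0.0.255", "209.157.22.26/24", "10.0.5.0 0.255.0.255"):
        print(spec, "->", source_matches(spec, "209.157.22.200"), source_matches(spec, "10.99.5.77"))
```

A wildcard mask for which wildcard_prefix_len returns None (such as 0.255.0.255) has no CIDR equivalent, so rules using one are worth reviewing by hand for unintended matches.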