Command Line Reference Guide
220 | Access Control Lists (ACL)
www.dell.com | support.dell.com
deny tcp
c e s
Configure a filter that drops TCP packets meeting the filter criteria.
Syntax
deny tcp {source mask | any | host ip-address} [bit] [operator port [port]] {destination mask |
any | host ip-address} [dscp] [bit] [operator port [port]] [count [byte] | log] [order] [monitor]
[fragments]
To remove this filter, you have two choices:
• Use the no seq sequence-number command syntax if you know the filter’s sequence number or
• Use the no deny tcp {source mask | any | host ip-address} {destination mask | any | host
ip-address} command.
Parameters
net-unreachable Network unreachable
network-unknown Network unknown
no-room-for-option Parameter required but no room
option-missing Parameter required but not present
packet-too-big Fragmentation needed and DF set
parameter-problem All parameter problems
port-unreachable Port unreachable
precedence-unreachable Precedence cutoff
protocol-unreachable Protocol unreachable
reassembly-timeout Reassembly timeout
redirect All redirects
router-advertisement Router discovery advertisements
router-solicitation Router discovery solicitations
source-quench Source quenches
source-route-failed Source route failed
time-exceeded All time exceeded
timestamp-reply Timestamp replies
timestamp-request Timestamp requests
traceroute Traceroute
ttl-exceeded TTL exceeded
unreachable All unreachables
Table 9-2. ICMP Message Type Keywords
Keyword ICMP Message Type Name
source
Enter the IP address of the network or host from which the packets were sent.
mask
Enter a network mask in /prefix format (/x) or A.B.C.D. The mask, when
specified in A.B.C.D format, may be either contiguous or non-contiguous.
any Enter the keyword any to specify that all routes are subject to the filter.