Carrier Access Adit 3000 Series and Multi-Service Router (MSR) Card User Manual: access-list


Adit 3000 (Rel. 1.6) and MSR Card (Rel 2.0) CLI

4-5

Global Configuration Mode

Global Configuration Commands

access-list

Use the access-list command to configure the advanced filtering entries. To delete an access list, see the no access-list command on page 4-37.

Syntax:

(config)# access-list rule {new|rule-name} apply {eth-lan|eth-wan|final|initial|ppp-wan}
    direction {in|out} operation {accept|accept-packet|drop|reject}
    time-range {always|schedule-name} src-host {address|address-range|any}
    dst-host {address|address-range|any} service service-id
    frag {enable|none} log {enable|none}

Field           Definition

new             Create a new Access list rule. Note: Do not use this new option when
                using an Automated Provisioning System.

rule-name       Enter an existing rule name to apply this command to.

eth-lan         Ethernet LAN interface.

eth-wan         Ethernet WAN interface.

initial         Initial rules defined here will be applied first to the interface.

final           Final rules defined here will be applied last to the interface.

ppp-wan         PPP WAN interface.

in              Filter the incoming traffic only.

out             Filter the outgoing traffic only.

accept          Allow access to packets that match the criteria defined. The data transfer
                session will be handled using Stateful Packet Inspection (SPI), meaning
                that other packets matching this rule will be automatically allowed access.

accept-list     Allow access to packets that match the criteria defined. The data transfer
                session will not be handled using SPI, meaning that other packets
                matching this rule will not be automatically allowed access. This can be
                useful, for example, when creating rules that follow broadcasting.

drop            Deny access to packets that match the source and destination IP addresses
                and service ports defined above.

reject          Deny access to packets that match the criteria defined, and send an ICMP
                error or a TCP reset to the originating peer.

always          This rule will always take effect. Default.

schedule-name   Apply the defined schedule times to this rule.

src-host        The source address of packets sent or received from the LAN computer.
                This entry is mandatory when denying a rule.
                  address - enter the source IP address
                  address-range - enter a range of source IP addresses
                  any - allow any IP address

dst-host        Destination address of packets sent/received from the network object.
                  address - enter the destination IP address
                  address-range - enter a range of destination IP addresses
                  any - allow any IP address

service-id      Enter the service number to apply the rule to. Note: Service ID numbers
                can be displayed with the show service command, on page 3-61.
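The table above describes rule ordering (initial, interface, final), direction, the address forms, and the difference between accept (a stateful session is created, so related packets pass) and an acceptance without SPI (each packet must match a rule on its own). The following Python model, added here as an illustration and not code from Carrier Access or the Adit firmware, evaluates a small rule set so that those semantics can be traced on constructed packets. Its assumptions are labelled in comments: initial rules are checked before the interface's own rules and final rules last, a packet that matches no rule is dropped, the SPI table is keyed on (source, destination, service), the service-id is treated as a plain port number, and frag handling is not modelled.

```python
"""Educational model of access-list rule evaluation (constructed example, not the device's code)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Set, Tuple


def _ip(addr: str) -> int:
    return int(ipaddress.IPv4Address(addr))


def host_matches(spec: str, addr: str) -> bool:
    """spec follows the src-host/dst-host forms: 'any', a single address, or 'lo-hi' (inclusive range)."""
    if spec == "any":
        return True
    if "-" in spec:
        lo, hi = spec.split("-", 1)
        return _ip(lo) <= _ip(addr) <= _ip(hi)
    return _ip(spec) == _ip(addr)


@dataclass(frozen=True)
class Packet:
    src: str
    dst: str
    service: int      # assumption: service-id modelled as a port number
    direction: str    # "in" or "out", relative to the interface the packet is seen on


@dataclass
class Rule:
    name: str
    apply: str        # eth-lan | eth-wan | ppp-wan | initial | final
    direction: str    # in | out
    operation: str    # accept | accept-packet | drop | reject
    src_host: str = "any"
    dst_host: str = "any"
    service: Optional[int] = None   # assumption: None means the rule matches any service
    active: bool = True             # time-range: True models "always"
    log: bool = False               # log {enable|none}


# Assumed evaluation order: initial rules, then the interface's own rules, then final rules.
_ORDER = {"initial": 0, "eth-lan": 1, "eth-wan": 1, "ppp-wan": 1, "final": 2}


class Firewall:
    def __init__(self, rules: List[Rule]):
        # sorted() is stable, so rules keep their configured order within each group
        self.rules = sorted(rules, key=lambda r: _ORDER[r.apply])
        self.sessions: Set[Tuple[str, str, int]] = set()   # SPI table: (src, dst, service)
        self.log: List[str] = []

    def evaluate(self, pkt: Packet, interface: str) -> str:
        # SPI: packets belonging to a session opened by an "accept" rule pass without a rule lookup,
        # in either direction of the flow
        if (pkt.src, pkt.dst, pkt.service) in self.sessions or (pkt.dst, pkt.src, pkt.service) in self.sessions:
            return "accept"
        for r in self.rules:
            if r.apply in ("eth-lan", "eth-wan", "ppp-wan") and r.apply != interface:
                continue
            if not r.active or r.direction != pkt.direction:
                continue
            if not host_matches(r.src_host, pkt.src) or not host_matches(r.dst_host, pkt.dst):
                continue
            if r.service is not None and r.service != pkt.service:
                continue
            if r.log:
                self.log.append(f"{r.name} {r.operation} {pkt.src}->{pkt.dst}/{pkt.service} on {interface}")
            if r.operation == "accept":     # stateful: remember the flow so its other packets are allowed
                self.sessions.add((pkt.src, pkt.dst, pkt.service))
            return r.operation              # accept-packet, drop and reject leave no session state
        return "drop"   # assumption: implicit deny when no rule matches


def demo() -> Dict[str, str]:
    """Runs constructed packets through a constructed rule set and returns each verdict."""
    fw = Firewall([
        Rule("block-range", "initial", "in", "drop", src_host="203.0.113.0-203.0.113.255", log=True),
        Rule("lan-web", "eth-lan", "in", "accept", service=80),
        Rule("lan-bcast", "eth-lan", "in", "accept-packet", dst_host="192.168.1.255", service=137),
        Rule("deny-rest", "final", "in", "reject"),
    ])
    results = {}
    # LAN host opens a web connection: matches lan-web, which creates an SPI session
    results["web-request"] = fw.evaluate(Packet("192.168.1.10", "198.51.100.5", 80, "in"), "eth-lan")
    # the reply arrives on the WAN side with no WAN rule allowing it; the SPI session lets it through
    results["web-reply"] = fw.evaluate(Packet("198.51.100.5", "192.168.1.10", 80, "in"), "eth-wan")
    # an unsolicited inbound packet has no session and falls through to the final reject rule
    results["unsolicited"] = fw.evaluate(Packet("198.51.100.5", "192.168.1.10", 443, "in"), "eth-wan")
    # the initial drop rule is consulted before any interface rule
    results["blocked-range"] = fw.evaluate(Packet("203.0.113.7", "192.168.1.10", 80, "in"), "eth-wan")
    # broadcast accepted per packet: no session, so a "reply" to it is not automatically allowed
    results["broadcast"] = fw.evaluate(Packet("192.168.1.20", "192.168.1.255", 137, "in"), "eth-lan")
    results["broadcast-reply"] = fw.evaluate(Packet("192.168.1.255", "192.168.1.20", 137, "in"), "eth-lan")
    results["log-entries"] = str(len(fw.log))
    results["sessions"] = str(len(fw.sessions))
    return results


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:16s} {verdict}")
```

The two broadcast packets are the point of the accept-packet row: the first passes because it matches its rule, but because no session was recorded the second is judged on its own and hits the final reject rule, whereas the web reply passes purely on the session opened by the earlier accept.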
