6 no access-list, 7 ip access-group – Fortinet 548B User Manual


<accesslistnumber> - The ACL number is an integer from 1 to 199. The range 1 to 99 is for the
normal ACL List and 100 to 199 is for the extended ACL List.

permit or deny - The ACL rule is created with one of these two options. The protocol to filter for an
ACL rule is specified by giving the protocol to be used, such as icmp, igmp, ip, tcp, or udp. The
command specifies a source IP address and source mask as the match condition of the ACL rule, given
by the srcip and srcmask parameters. The source layer 4 port match condition for the ACL rule is
specified by the port key parameter.

<portkey> - uses a single keyword notation and currently has the values of domain, echo, ftp,
ftpdata, http, smtp, snmp, telnet, tftp, and www. Each of these values translates into its
equivalent port number, which is used as both the start and end of a port range. The command
specifies a destination IP address and destination mask as the match condition of the ACL rule, given
by the dstip and dstmask parameters. The command specifies the TOS for an ACL rule depending
on a match of precedence or DSCP values using the parameters tos, tosmask, dscp.

Default Setting

None

Command Mode

Global Config

7.22.2.6 no access-list

This command deletes an ACL that is identified by the parameter <accesslistnumber> from the system,
or removes an ACL rule that is identified by the parameter <1-28> from the IP ACL
<accesslistnumber>.

Syntax

no access-list {<1-99> | <100-199>} [<rule-id>]

The ACL number is an integer from 1 to 199. The range 1 to 99 is for the normal ACL List and
100 to 199 is for the extended ACL List.

Default Setting

None

Command Mode

Global Config
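
The following is an added example, not part of the Fortinet manual: a Python pre-change check that scans a proposed configuration script for `no access-list` lines, validates the documented ranges (ACL 1 to 199, rule 1 to 28), and separates single-rule removals from commands that delete an entire ACL. The function names and the sample script are hypothetical and constructed for illustration.

```python
MAX_RULE_ID = 28  # the page gives the rule parameter as <1-28>

def _to_int(token):
    # Accept plain ASCII decimal integers only.
    return int(token) if token.isascii() and token.isdigit() else None

def review_line(line):
    """Return None for unrelated lines, else a finding dict for the deletion."""
    tokens = line.split()
    if tokens[:2] != ["no", "access-list"]:
        return None
    args, errors = tokens[2:], []
    if not 1 <= len(args) <= 2:
        errors.append("expected: no access-list <acl-number> [<rule-id>]")
    acl = _to_int(args[0]) if args else None
    if acl is None or not 1 <= acl <= 199:
        errors.append("ACL number must be an integer from 1 to 199")
        acl = None
    rule = None
    if len(args) >= 2:
        rule = _to_int(args[1])
        if rule is None or not 1 <= rule <= MAX_RULE_ID:
            errors.append(f"rule id must be an integer from 1 to {MAX_RULE_ID}")
            rule = None
    kind = None if acl is None else ("normal" if acl <= 99 else "extended")
    # Without a rule id the command deletes the entire ACL, so flag it for
    # explicit sign-off instead of treating it like a one-rule change.
    scope = "single-rule" if len(args) >= 2 else "whole-acl"
    return {"acl": acl, "kind": kind, "rule": rule, "scope": scope, "errors": errors}

def review_script(text):
    """Yield (line_number, finding) for every `no access-list` line."""
    for number, line in enumerate(text.splitlines(), start=1):
        finding = review_line(line)
        if finding is not None:
            yield number, finding

# Constructed sample change script (not taken from the manual).
SAMPLE = """\
no access-list 10 3
no access-list 150
no access-list 200
no access-list 101 29
"""

if __name__ == "__main__":
    for number, finding in review_script(SAMPLE):
        print(number, finding)
```
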

7.22.2.7 ip access-group

This command attaches a specified access-control list to an interface, or associates it with a VLAN ID,
in a given direction. The parameter <name> is the name of the Access Control List.

An optional sequence number may be specified to indicate the order of this IP access list relative to
other IP access lists already assigned to this interface and direction. A lower number indicates higher
precedence order. If a sequence number is already in use for this interface and direction, the specified
