5 access-list, 6 no access-list – Fortinet MR1 User Manual

Page 287


5.13.2.5 access-list

This command creates an Access Control List (ACL) rule in the list identified by the parameter <accesslistnumber>.

Syntax

access-list {(<1-99> {deny | permit} <srcip> <srcmask>)
  | (<100-199> {deny | permit} {every | {{icmp | igmp | ip | tcp | udp | <number>} <srcip> <srcmask>
    [{eq {<portkey> | <portvalue>}}] <dstip> <dstmask> [{eq {<portkey> | <portvalue>}}]
    [precedence <precedence>] [tos <tos> <tosmask>] [dscp <dscp>]}})}


<accesslistnumber>
  The ACL number is an integer from 1 to 199. The range 1 to 99 is for standard ACLs, which match on the
  source address only, and 100 to 199 is for extended ACLs, which can also match on protocol, destination
  address, layer 4 ports and TOS fields.

{deny | permit}
  The action applied to a packet that matches the rule. Each access-list command adds one rule, with one
  of these two actions, to the list.

every
  Extended ACLs only. Matches all traffic; no further match fields are given.

{icmp | igmp | ip | tcp | udp | <number>}
  The protocol to filter, given as one of the keywords icmp, igmp, ip, tcp or udp, or as an IP protocol
  number.

<srcip> <srcmask>
  Source IP address and source mask for the source address match condition of the rule.

eq {<portkey> | <portvalue>}
  Layer 4 port match condition for the source (when it follows <srcmask>) or the destination (when it
  follows <dstmask>). <portkey> is a single keyword and currently has the values domain, echo, ftp,
  ftpdata, http, smtp, snmp, telnet, tftp and www; each keyword translates into its equivalent port
  number, which is used as both the start and end of a port range. <portvalue> gives the port as a number.

<dstip> <dstmask>
  Destination IP address and destination mask for the destination address match condition of the rule.

precedence <precedence>, tos <tos> <tosmask>, dscp <dscp>
  Match on the TOS byte of the packet, by IP precedence value, by TOS value and mask, or by DSCP value.
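The grammar above worked through in code, as an added example that is not part of the Fortinet manual: a Python parser that turns access-list commands into rule objects, applying the 1-99 versus 100-199 distinction, the protocol keywords and the keyword-to-port translation described on this page, and a matcher that evaluates constructed sample packets against a constructed rule set. Assumptions not stated on the page, also marked in the code: <srcmask> and <dstmask> are treated as wildcard masks (1 bits are ignored), rules of a list are evaluated in configured order with the first match winning, and a packet matching no rule is denied. The protocol numbers used (icmp 1, igmp 2, tcp 6, udp 17) are the standard IANA values; the TOS qualifiers are parsed but not evaluated, because the page does not define how <tosmask> is applied.

```python
import ipaddress
from collections import namedtuple
from dataclasses import dataclass, field
from typing import List, Optional, Tuple

# <portkey> keywords from the page, translated to their port numbers.
PORT_KEYS = {"domain": 53, "echo": 7, "ftp": 21, "ftpdata": 20, "http": 80,
             "smtp": 25, "snmp": 161, "telnet": 23, "tftp": 69, "www": 80}
PROTOCOLS = {"icmp": 1, "igmp": 2, "tcp": 6, "udp": 17}  # "ip" (any) is kept as None
TOS_QUALIFIERS = {"precedence": 1, "tos": 2, "dscp": 1}  # keyword -> number of values

@dataclass
class AclRule:
    number: int                     # 1-99 standard, 100-199 extended
    action: str                     # "deny" or "permit"
    protocol: Optional[int] = None  # None matches any IP protocol
    src: Optional[Tuple[int, int]] = None  # (address, wildcard mask) as 32-bit ints
    dst: Optional[Tuple[int, int]] = None
    src_port: Optional[int] = None
    dst_port: Optional[int] = None
    tos: dict = field(default_factory=dict)  # precedence/tos/dscp, parsed only

def _take(toks: List[str], what: str) -> str:
    if not toks:
        raise ValueError(f"missing {what}")
    return toks.pop(0)

def _addr_mask(toks: List[str]) -> Tuple[int, int]:
    # ASSUMPTION: <srcmask>/<dstmask> is a wildcard mask (1 bits are ignored):
    # 0.0.0.0 means this exact host, 255.255.255.255 means any address.
    addr = int(ipaddress.IPv4Address(_take(toks, "address")))
    return addr, int(ipaddress.IPv4Address(_take(toks, "mask")))

def _optional_port(toks: List[str]) -> Optional[int]:
    # [eq {<portkey> | <portvalue>}]: a keyword from PORT_KEYS or a number 0-65535
    if not toks or toks[0] != "eq":
        return None
    toks.pop(0)
    tok = _take(toks, "port after eq")
    port = PORT_KEYS[tok] if tok in PORT_KEYS else int(tok)
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {tok}")
    return port

def parse_access_list(line: str) -> AclRule:
    toks = line.split()
    if len(toks) < 3 or toks[0] != "access-list" or toks[2] not in ("deny", "permit"):
        raise ValueError("expected: access-list <number> {deny | permit} ...")
    number, action, rest = int(toks[1]), toks[2], toks[3:]
    if 1 <= number <= 99:  # standard ACL: source address and mask only
        rule = AclRule(number, action, src=_addr_mask(rest))
        if rest:
            raise ValueError(f"standard ACL takes only <srcip> <srcmask>: {rest}")
        return rule
    if not 100 <= number <= 199:
        raise ValueError("ACL number must be 1-99 (standard) or 100-199 (extended)")
    rule = AclRule(number, action)
    proto = _take(rest, "protocol or 'every'")
    if proto == "every":  # matches all traffic; no further fields allowed
        if rest:
            raise ValueError("'every' takes no match fields")
        return rule
    if proto != "ip":  # "ip" leaves protocol=None (any IP protocol)
        rule.protocol = PROTOCOLS[proto] if proto in PROTOCOLS else int(proto)
        if not 0 <= rule.protocol <= 255:
            raise ValueError(f"protocol number out of range: {proto}")
    rule.src, rule.src_port = _addr_mask(rest), _optional_port(rest)
    rule.dst, rule.dst_port = _addr_mask(rest), _optional_port(rest)
    while rest:  # optional TOS qualifiers, any order; values decimal or 0x hex
        key = rest.pop(0)
        if key not in TOS_QUALIFIERS:
            raise ValueError(f"unexpected token {key!r}")
        rule.tos[key] = tuple(int(_take(rest, key), 0) for _ in range(TOS_QUALIFIERS[key]))
    return rule

# Minimal packet model: IP protocol number, addresses, optional layer 4 ports.
Packet = namedtuple("Packet", "protocol src dst src_port dst_port", defaults=(None, None))

def rule_matches(rule: AclRule, pkt: Packet) -> bool:
    if rule.protocol is not None and rule.protocol != pkt.protocol:
        return False
    for spec, addr in ((rule.src, pkt.src), (rule.dst, pkt.dst)):
        if spec and ((int(ipaddress.IPv4Address(addr)) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF):
            return False  # address differs in a bit the wildcard mask does not ignore
    for want, have in ((rule.src_port, pkt.src_port), (rule.dst_port, pkt.dst_port)):
        if want is not None and want != have:
            return False
    return True

def first_match(rules: List[AclRule], pkt: Packet) -> str:
    # ASSUMPTION: rules are evaluated in configured order, the first match wins,
    # and a packet that matches no rule is denied.
    for rule in rules:
        if rule_matches(rule, pkt):
            return rule.action
    return "deny"

# Constructed sample configuration (not from the manual).
SAMPLE_RULES = [parse_access_list(line) for line in (
    "access-list 101 deny tcp 0.0.0.0 255.255.255.255 10.0.0.5 0.0.0.0 eq telnet",
    "access-list 101 permit tcp 10.1.1.0 0.0.0.255 10.0.0.5 0.0.0.0 eq www",
    "access-list 101 deny every",
)]
```

With the sample list, a telnet connection to 10.0.0.5 from any source hits the first rule and is denied, HTTP from 10.1.1.0/24 to the same host is permitted by the second, and everything else falls through to the closing deny. Note that there is no "any" keyword in this grammar: the first rule spells it out as 0.0.0.0 with mask 255.255.255.255.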

Default Setting

None

Command Mode

Global Config

5.13.2.6 no access-list

This command deletes an ACL that is identified by the parameter <accesslistnumber> from
the system.

Syntax
