Brocade Multi-Service IronWare Security Configuration Guide (Supporting R05.6.00) User Manual

Multi-Service IronWare Security Configuration Guide

53-1003035-02

ICMP filtering for extended ACLs

The acl-name | acl-num parameter allows you to specify an ACL name or number. If using a name,
specify a string of up to 256 alphanumeric characters. You can use blanks in the ACL name if you
enclose the name in quotation marks (for example, “ACL for Net1”). The acl-num parameter allows
you to specify an ACL number if you prefer. If you specify a number, enter a number from 100 – 199
for extended ACLs.

The deny | permit parameter indicates whether packets that match the policy are dropped or
forwarded.

You can either use the icmp-type parameter and enter the name of the message type, or use the
type-number code-number parameter to enter the type number and code number of the message.
Refer to Table 20 for valid values.

TABLE 20 ICMP message types and codes

| ICMP message type | Type | Code |
|---|---|---|
| administratively-prohibited | 3 | 13 |
| any-icmp-type | x | x |
| destination-host-prohibited | 3 | 10 |
| destination-host-unknown | 3 | 7 |
| destination-net-prohibited | 3 | 9 |
| destination-network-unknown | 3 | 6 |
| echo | 8 | 0 |
| echo-reply | 0 | 0 |
| general-parameter-problem (NOTE: This message type indicates that a required option is missing.) | 12 | 1 |
| host-precedence-violation | 3 | 14 |
| host-redirect | 5 | 1 |
| host-tos-redirect | 5 | 3 |
| host-tos-unreachable | 3 | 12 |
| host-unreachable | 3 | 1 |
| information-reply | 16 | 0 |
| information-request | 15 | 0 |
| mask-reply | 18 | 0 |
| mask-request | 17 | 0 |
| net-redirect | 5 | 0 |
| net-tos-redirect | 5 | 2 |
| net-tos-unreachable | 3 | 11 |
| net-unreachable | 3 | 0 |
| packet-too-big | 3 | 4 |
| parameter-problem (NOTE: This message includes all parameter problems.) | 12 | 0 |
| port-unreachable | 3 | 3 |
