Brocade Mobility RFS Controller CLI Reference Guide (Supporting software release 5.5.0.0 and later) User Manual

Brocade Mobility RFS Controller CLI Reference Guide, 53-1003098-01, page 915

Usage Guidelines:

Use this command to permit traffic between networks/hosts based on the protocol type selected in
the access list. The following protocols are supported:

IP

ICMP

TCP

UDP

PROTO (any Internet protocol other than TCP, UDP, and ICMP)

The last ACE in the access list is an implicit deny statement.

Whenever the interface receives the packet, its content is checked against all the ACEs in the ACL.
The packet is allowed or denied based on the ACL configuration.

Filtering on TCP or UDP allows you to specify port numbers as filtering criteria.

Select ICMP to allow or deny ICMP packets; an ICMP entry filters packets by ICMP type and code.

eq [<1-65535>|<SERVICE-NAME>|bgp|dns|ftp|ftp-data|gopher|https|ldap|nntp|ntp|pop3|sip|smtp|ssh|telnet|tftp|www]

Identifies a specific destination or protocol port to match

<1-65535> – The destination port is designated by its number

<SERVICE-NAME> – Specifies the service name

bgp – The designated Border Gateway Protocol (BGP) protocol port (179)

dns – The designated Domain Name System (DNS) protocol port (53)

ftp – The designated File Transfer Protocol (FTP) protocol port (21)

ftp-data – The designated FTP data port (20)

gopher – The designated Gopher protocol port (70)

https – The designated HTTPS protocol port (443)

ldap – The designated Lightweight Directory Access Protocol (LDAP) protocol port (389)

nntp – The designated Network News Transfer Protocol (NNTP) protocol port (119)

ntp – The designated Network Time Protocol (NTP) protocol port (123)

pop3 – The designated POP3 protocol port (110)

sip – The designated Session Initiation Protocol (SIP) protocol port (5060)

smtp – The designated Simple Mail Transfer Protocol (SMTP) protocol port (25)

ssh – The designated Secure Shell (SSH) protocol port (22)

telnet – The designated Telnet protocol port (23)

tftp – The designated Trivial File Transfer Protocol (TFTP) protocol port (69)

www – The designated World Wide Web (HTTP) protocol port (80)

range <START-PORT> <END-PORT>

Specifies a range of destination ports

<START-PORT> – Specify the first port in the range.

<END-PORT> – Specify the last port in the range.

log

Logs all permit events matching this entry. If a source and/or destination IP address or port is matched (i.e. a
TCP/UDP packet is received from a specified IP address and/or is destined for a specified IP address), an
event is logged.

rule-precedence <1-5000> rule-description <LINE>

The following keywords are recursive and common to all of the above:

rule-precedence – Assigns a precedence for this permit rule

<1-5000> – Specify a value from 1 - 5000.

The lower the precedence value, the higher the priority: a rule with precedence 3 takes priority over a rule with precedence 10.

rule-description – Optional. Configures a description for this permit rule. Provide a description that uniquely identifies the purpose of this rule (should not exceed 128 characters in length).
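As an added illustration, not code from the Brocade guide, the following Python model shows how an access list built from the permit options described above is evaluated: ACEs are tried in rule-precedence order (lower value first), eq and range clauses resolve against the service-name table on this page, a matching permit carrying log records an event, and a packet that matches no ACE falls through to the implicit deny. It assumes a protocol of ip matches any protocol; the sample list, its precedences and descriptions are constructed.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

# Service keywords and the ports they designate, as listed on this page.
SERVICE_PORTS = {
    "bgp": 179, "dns": 53, "ftp": 21, "ftp-data": 20, "gopher": 70,
    "https": 443, "ldap": 389, "nntp": 119, "ntp": 123, "pop3": 110,
    "sip": 5060, "smtp": 25, "ssh": 22, "telnet": 23, "tftp": 69, "www": 80,
}

def port_spec(eq=None, rng=None):
    """Resolve an 'eq <port|service>' or 'range <start> <end>' clause to an inclusive (lo, hi)."""
    if eq is not None:
        port = SERVICE_PORTS[eq] if isinstance(eq, str) else int(eq)
        return (port, port)
    if rng is not None:
        return (int(rng[0]), int(rng[1]))
    return None  # no port clause: the ACE matches any destination port

@dataclass
class Ace:
    action: str                              # "permit" or "deny"
    proto: str                               # "ip" (assumed: any protocol), "tcp", "udp" or "icmp"
    precedence: int                          # rule-precedence 1-5000; lower value wins
    dst_port: Optional[Tuple[int, int]] = None
    log: bool = False                        # 'log' keyword: log matching permit events
    description: str = ""                    # rule-description <LINE>

def evaluate(acl, proto, dst_port=None):
    """Return (action, precedence, logged) for the first ACE, in precedence order, that matches.
    No match means the implicit deny that ends every access list."""
    for ace in sorted(acl, key=lambda a: a.precedence):
        if ace.proto != "ip" and ace.proto != proto:
            continue
        lo_hi = ace.dst_port
        if lo_hi and (dst_port is None or not lo_hi[0] <= dst_port <= lo_hi[1]):
            continue
        logged = ace.action == "permit" and ace.log   # log only records permit events
        return ace.action, ace.precedence, logged
    return "deny", None, False

# Constructed sample list: the deny at precedence 20 shadows the www permit at 30,
# so HTTP is dropped even though a permit for it exists further down the list.
ACL = [
    Ace("permit", "tcp", 10, port_spec(eq="ssh"), log=True, description="mgmt ssh"),
    Ace("deny", "tcp", 20, port_spec(rng=(1, 1023))),
    Ace("permit", "udp", 5, port_spec(eq="dns")),
    Ace("permit", "tcp", 30, port_spec(eq="www"), description="never reached"),
]
```

Running evaluate(ACL, "tcp", 80) against this list returns the deny at precedence 20, which is the kind of ordering mistake an audit of rule-precedence values should surface.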
