HP Cisco MDS 9140 Cisco Nexus 5000 Series Command Reference Release 4.0(1a)N2( - Page 391
Chapter 6 Security Commands
permit (IPv4)

operator port [port]
    (Optional; TCP and UDP only) The rule matches only packets that are from a source port or sent to a destination port that satisfies the conditions of the operator and port arguments. Whether these arguments apply to a source port or a destination port depends upon whether you specify them after the source argument or after the destination argument.
    The port argument can be the name or the number of a TCP or UDP port. Valid numbers are integers from 0 to 65535. For listings of valid port names, see "TCP Port Names" and "UDP Port Names" in the "Usage Guidelines" section.
    A second port argument is required only when the operator argument is range. The operator argument must be one of the following keywords:
    • eq: Matches only if the port in the packet is equal to the port argument.
    • gt: Matches only if the port in the packet is greater than the port argument.
    • lt: Matches only if the port in the packet is less than the port argument.
    • neq: Matches only if the port in the packet is not equal to the port argument.
    • range: Requires two port arguments and matches only if the port in the packet is equal to or greater than the first port argument and equal to or less than the second port argument.

portgroup portgroup
    (Optional; TCP and UDP only) Specifies that the rule matches only packets that are from a source port or to a destination port that is a member of the IP port-group object specified by the portgroup argument. Whether the port-group object applies to a source port or a destination port depends upon whether you specify it after the source argument or after the destination argument. Use the object-group ip port command to create and change IP port-group objects.

flags
    (Optional; TCP only) The rule matches only packets that have specific TCP control-bit flags set. The value of the flags argument must be one or more of the following keywords:
    • ack
    • fin
    • psh
    • rst
    • syn
    • urg

established
    (Optional; TCP only) Specifies that the rule matches only packets that belong to an established TCP connection. The switch considers TCP packets with the ACK or RST bits set to belong to an established connection.

Command Default
    A newly created IPv4 ACL contains no rules.

OL-16599-01 Cisco Nexus 5000 Series Command Reference 6-57
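The matching semantics described above (operator/port comparisons, inclusive range, port-group membership, TCP flag bits, and the established test on ACK or RST) are easy to misread when writing or auditing an ACL. The following Python model is an added example, not Cisco code and not the switch's own implementation; it reproduces those semantics so a reviewer can check sample packets against candidate rules offline. The port-name table is a constructed subset, the first-match walk with an implicit deny reflects standard ACL behaviour rather than text on this page, and treating several flags keywords as "all must be set" is an assumption of this example.

```python
"""Model of NX-OS IPv4 ACL port, portgroup, flags and established matching.

Added example (not Cisco code). PORT_NAMES is a constructed subset of the
"TCP Port Names"/"UDP Port Names" tables; rule_matches() assumes that when
several flags keywords are given, all of them must be set in the packet.
"""
from dataclasses import dataclass

PORT_NAMES = {"ssh": 22, "http": 80, "https": 443, "bgp": 179}  # constructed subset
TCP_FLAGS = frozenset({"ack", "fin", "psh", "rst", "syn", "urg"})


def resolve_port(port):
    """Accept a port number (0-65535) or a known port name."""
    if isinstance(port, str):
        port = PORT_NAMES[port]  # unknown name -> KeyError, like a rejected keyword
    if not 0 <= port <= 65535:
        raise ValueError(f"port out of range: {port}")
    return port


def port_matches(operator, ports, packet_port):
    """eq/gt/lt/neq take one port argument; range takes two and is inclusive."""
    p = [resolve_port(x) for x in ports]
    if operator == "range":
        if len(p) != 2:
            raise ValueError("range requires two port arguments")
        return p[0] <= packet_port <= p[1]
    if len(p) != 1:
        raise ValueError(f"{operator} takes exactly one port argument")
    checks = {
        "eq": packet_port == p[0],
        "gt": packet_port > p[0],
        "lt": packet_port < p[0],
        "neq": packet_port != p[0],
    }
    return checks[operator]  # unknown operator -> KeyError


@dataclass(frozen=True)
class Rule:
    protocol: str                    # "tcp" or "udp"
    src_op: tuple = None             # (operator, (port, ...)) or None
    dst_op: tuple = None
    src_group: frozenset = None      # members of an object-group ip port object
    dst_group: frozenset = None
    flags: frozenset = frozenset()   # TCP only
    established: bool = False        # TCP only

    def __post_init__(self):
        if self.flags - TCP_FLAGS:
            raise ValueError(f"invalid flags: {self.flags - TCP_FLAGS}")
        if self.protocol != "tcp" and (self.flags or self.established):
            raise ValueError("flags and established apply to TCP only")


@dataclass(frozen=True)
class Packet:
    protocol: str
    src_port: int
    dst_port: int
    flags: frozenset = frozenset()


def is_established(pkt):
    """The switch treats ACK or RST set as an established connection."""
    return bool(pkt.flags & {"ack", "rst"})


def rule_matches(rule, pkt):
    """Apply every argument of the rule to one packet."""
    if rule.protocol != pkt.protocol:
        return False
    for op, group, port in ((rule.src_op, rule.src_group, pkt.src_port),
                            (rule.dst_op, rule.dst_group, pkt.dst_port)):
        if op is not None and not port_matches(op[0], op[1], port):
            return False
        if group is not None and port not in group:
            return False
    if rule.flags and not rule.flags <= pkt.flags:   # assumption: all listed flags set
        return False
    if rule.established and not is_established(pkt):
        return False
    return True


def evaluate_acl(acl, pkt):
    """First matching (action, rule) wins; no match falls to the implicit deny."""
    for action, rule in acl:
        if rule_matches(rule, pkt):
            return action
    return "deny"


if __name__ == "__main__":
    web = frozenset({80, 443})  # constructed object-group ip port membership
    acl = [
        ("permit", Rule("tcp", dst_op=("eq", ("ssh",)), flags=frozenset({"syn"}))),
        ("permit", Rule("tcp", dst_group=web, established=True)),
        ("permit", Rule("udp", dst_op=("range", (1024, 65535)))),
    ]
    print(evaluate_acl(acl, Packet("tcp", 40000, 443, frozenset({"ack"}))))  # permit
    print(evaluate_acl(acl, Packet("tcp", 40000, 443, frozenset({"syn"}))))  # deny
```

The second permit shows why established rules need care: a bare SYN to a port-group member is denied, but any segment carrying ACK or RST passes, which is exactly the behaviour the page describes and the reason such rules are placed after more specific ones.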