237
DWS-1008 User’s Manual
D-Link Systems, Inc.
Configuring and Managing Security ACLs
The
before 1
portion of the ACE places it before any others in the ACL, so it has precedence
over any later ACEs for any parameter settings that are met.
ICMP includes many messages that are identified by a type field. Some also have a code
within that type. The table below lists some common ICMP types and codes.
Common ICMP Message Types and Codes
ICMP Message Type
(Number)
ICMP Message Code (Number)
Echo Reply (0)
None
Destination Unreachable (3)
•
Network Unreachable (0)
•
Host Unreachable (1)
•
Protocol Unreachable (2)
•
Port Unreachable (3)
•
Fragmentation Needed (4)
•
Source Route Failed (5)
Source Quench (4)
None
Redirect (5)
•
Network Redirect (0)
•
Host Redirect (1)
•
Type of Service (TOS) and Network Redirect (2)
•
TOS and Host Redirect (3)
Echo (8)
None
Time Exceeded (11)
•
Time to Live (TTL) Exceeded (0)
•
Fragment Reassembly Time Exceeded (1)
Parameter Problem (12)
None
Timestamp (13)
None
Timestamp Reply (14)
None
Information Request (15)
None
Information Reply (16)
None
Setting TCP and UDP ACLs
Security ACLs can filter TCP and UDP packets by source and destination IP address,
precedence, and TOS level. You can apply a TCP ACL to established TCP sessions only, not
to new TCP sessions. In addition, security ACLs for TCP and UDP can filter packets according
to a source port on the source IP address and/or a destination port on the destination IP
address, if you specify a port number and an operator in the ACE.
The operator indicates whether to filter packets arriving from or destined for a port whose
number is equal to (
eq
), greater than (
gt
), less than (
lt
), not equal to (
neq
), or in a range that
includes (
range
) the specified port. To specify a range of TCP or UDP ports, you enter the
beginning and ending port numbers.