Chapter 4 Service Configuration
Guidelines
The IP rule can match IPv4 packets with specified source IP addresses, any source IP
address, specified destination IP addresses, any destination IP address, DSCP fields, or
IP fragment fields.
4.13.15 ingress-acl extend rule type-tcp
Purpose
This command sets a rule in the extended ingress ACL that matches TCP
messages.
Command Mode
Extended ingress ACL configuration mode
Syntax
rule <1-500> {permit|deny} tcp {<source-ipaddr> <sip-mask>|any} [source-port <0-65535> <sport-mask>] {<destination-ipaddr> <dip-mask>|any} [dest-port <0-65535> <dport-mask>] [establishing|established] [dscp <0-63>] [fragment]
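The syntax above can be checked offline before a rule is pushed to a device. The following Python sketch is an added example, not ZTE code: it parses one rule line against this grammar, enforces the numeric ranges, and flags a permit rule that matches any source and any destination with no destination port. The function names are hypothetical, port masks are kept as raw text because their format is not given here, and named ports are not resolved.

```python
import ipaddress

def _num(tok, lo, hi):
    n = int(tok)  # numeric values only; named ports are not resolved in this sketch
    if not lo <= n <= hi:
        raise ValueError(f"{n} outside {lo}-{hi}")
    return n

def _addr(toks):
    # {<ipaddr> <mask> | any}; "any" expands to 0.0.0.0 0.0.0.0 as the page states
    if toks[0] == "any":
        return {"ip": "0.0.0.0", "mask": "0.0.0.0"}, toks[1:]
    ip, mask = (str(ipaddress.IPv4Address(t)) for t in toks[:2])
    return {"ip": ip, "mask": mask}, toks[2:]

def _port(toks, keyword):
    # [keyword <0-65535> <port-mask>]; the mask is kept as raw text (format assumed unknown)
    if toks and toks[0] == keyword:
        return {"port": _num(toks[1], 0, 65535), "mask": toks[2]}, toks[3:]
    return None, toks

def parse_tcp_rule(line):
    """Parse one 'rule ... tcp ...' line; raise ValueError if it breaks the syntax."""
    toks = line.split()
    try:
        if toks[0] != "rule" or toks[2] not in ("permit", "deny") or toks[3] != "tcp":
            raise ValueError("expected: rule <1-500> {permit|deny} tcp ...")
        rule = {"id": _num(toks[1], 1, 500), "action": toks[2]}
        rule["src"], rest = _addr(toks[4:])
        rule["sport"], rest = _port(rest, "source-port")
        rule["dst"], rest = _addr(rest)
        rule["dport"], rest = _port(rest, "dest-port")
        states = ("establishing", "established")
        rule["state"] = rest.pop(0) if rest and rest[0] in states else None
        rule["dscp"] = None
        if rest and rest[0] == "dscp":
            rule["dscp"], rest = _num(rest[1], 0, 63), rest[2:]
        rule["fragment"] = rest[:1] == ["fragment"]
        rest = rest[1:] if rule["fragment"] else rest
    except IndexError:
        raise ValueError("rule ends before a required argument") from None
    if rest:
        raise ValueError(f"unexpected token: {rest[0]}")
    return rule

def too_broad(rule):
    # Review aid: permit from any source to any destination with no destination port
    any_ = {"ip": "0.0.0.0", "mask": "0.0.0.0"}
    return rule["action"] == "permit" and rule["src"] == rule["dst"] == any_ and rule["dport"] is None
```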
Parameter Description
Parameter               Description
<1-500>                 Rule number.
permit                  If the condition matches, access is permitted.
deny                    If the condition matches, access is denied.
tcp                     This rule matches only TCP messages. Non-TCP messages are not matched by this rule.
<source-ipaddr>         IP address of the source network or host transmitting packets. It is a 32-bit IP address expressed in dotted decimal notation.
<sip-mask>              Mask applied to the source address. It is a 32-bit mask expressed in dotted decimal notation.
any (first)             The any keyword is an abbreviation for the source 0.0.0.0 and the source mask 0.0.0.0.
source-port <0-65535>   TCP source port number of the transmitted packet. The source-port parameter can resolve some known port numbers; the port number and mask can also be entered directly.
<sport-mask>            Source port number mask.
<destination-ipaddr>    Destination network or host of the transmitted packet. It is a 32-bit IP address expressed in dotted decimal notation.
4-223
SJ-20130731155059-003|2013-11-27 (R1.0)
ZTE Proprietary and Confidential