Chapter 4 Service Configuration
Parameter
Description
<
dip-mask
>
Destination mask used for destination. It is a 32-bit IP address
expressed in dotted decimal notation.
any
(second)
The any keyword is used as the abbreviation of the destination
0.0.0.0 and the destination mask 0.0.0.0
dest-port
<
0-65535
>
TCP destination port number of the transmitted packet
The parameters of dest-port can resolve the some known port
numbers. Also the port number and mask can be directly inputted.
<
dport-mask
>
Destination port number mask
establishing
This rule is only valid for the message that actively establishes
TCP connection. It matches flag ack=0, syn=1. Ignore this rule
for other messages.
established
This rule is only valid for the message that passively establishes
TCP connection. It matches flag ack=1, syn=1. Ignore this rule
for other messages.
dscp
<
0-63
>
This rule is only valid for the message with the specified DSCP
value. Ignore this rule for other messages. The range of DSCP
is 0 to 63.
fragment
This rule is only valid for the fragment message. Non–fragment
messages ignore this rule.
Guidelines
The TCP rule can match TCP packets with specified source IP addresses, any source
IP address, specified destination IP addresses, any destination IP address, TCP source
port numbers, TCP destination port numbers, active TCP links, passive TCP links, DSCP
fields, or IP fragment fields.
4.13.53 egress-acl extend rule type-udp
Purpose
This command sets the rule that the extended ingress ACL is used to match UDP message.
Command Mode
Extended egress ACL configuration mode
Syntax
rule
<
1-500
>{
permit
|
deny
}
udp
{<
source-ipaddr
><
sip-mask
>|
any
}[
source-port
<
0-65535
><
s
port-mask
>]{<
destination-ipaddr
><
dip-mask
>|
any
}[
dest-port
<
0-65535
><
dport-mask
>][
dscp
<
0-63
>][
fragment
]
4-265
SJ-20130731155059-003|2013-11-27 (R1.0)
ZTE Proprietary and Confidential