SMC Networks SMC6752AL2 User Manual

COMMAND LINE INTERFACE
4-122
permit, deny (Extended ACL) 
This command adds a rule to an Extended IP ACL. The rule sets a filter 
condition for packets with specific source or destination IP addresses, 
protocol types, source or destination protocol ports, or TCP control codes. 
Use the no form to remove a rule.
Syntax
[no] {permit | deny} [protocol-number | udp]
  {any | source address-bitmask | host source}
  {any | destination address-bitmask | host destination}
  [precedence precedence] [tos tos] [dscp dscp]
  [source-port sport [end]] [destination-port dport [end]]
[no] {permit | deny} tcp
  {any | source address-bitmask | host source}
  {any | destination address-bitmask | host destination}
  [precedence precedence] [tos tos] [dscp dscp]
  [source-port sport [end]] [destination-port dport [end]]
  [control-flag control-flags flag-bitmask]
• protocol-number – A specific protocol number. (Range: 0-255)
• source – Source IP address.
• destination – Destination IP address.
• address-bitmask – Decimal number representing the address bits to 
match.
• host – Keyword followed by a specific IP address.
• precedence – IP precedence level. (Range: 0-7)
• tos – Type of Service level. (Range: 0-15)
• dscp – DSCP priority level. (Range: 0-63)
• sport – Protocol (note 17) source port number. (Range: 0-65535)
• dport – Protocol destination port number. (Range: 0-65535)
• end – Upper bound of the protocol port range. (Range: 0-65535)
• control-flags – Decimal number (representing a bit string) that 
specifies flag bits in byte 14 of the TCP header. (Range: 0-63)
• flag-bitmask – Decimal number representing the code bits to match. 
(Range: 0-63)
17.  Includes TCP, UDP or other protocol types.
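
The following is an added example, not taken from the manual or from SMC firmware: a small Python model of how the address-bitmask, port range and control-flags/flag-bitmask parameters select packets. It assumes that a 1 bit in a bitmask means "compare this bit", that address bitmasks are written in dotted-decimal form, and that `any` is equivalent to a bitmask of 0.0.0.0; the dictionary field names and the sample rule are constructed for illustration.

```python
import ipaddress

# TCP flag bit values within the 0-63 range of control-flags (standard TCP header bits).
FIN, SYN, RST, PSH, ACK, URG = 1, 2, 4, 8, 16, 32

def addr_matches(rule_addr, bitmask, pkt_addr):
    """Compare only the address bits selected by the bitmask (assumed: 1 = must match)."""
    mask = int(ipaddress.IPv4Address(bitmask))
    rule = int(ipaddress.IPv4Address(rule_addr))
    pkt = int(ipaddress.IPv4Address(pkt_addr))
    return (rule & mask) == (pkt & mask)

def flags_match(control_flags, flag_bitmask, pkt_flags):
    """Compare only the TCP flag bits selected by flag-bitmask; other flags are ignored."""
    for value in (control_flags, flag_bitmask):
        if not 0 <= value <= 63:
            raise ValueError("control-flags and flag-bitmask must be in 0-63")
    return (pkt_flags & flag_bitmask) == (control_flags & flag_bitmask)

def port_matches(low, end, port):
    """Match a single port, or the range low..end when an upper bound is given."""
    return low <= port <= (low if end is None else end)

def rule_matches(rule, pkt):
    """True when every filter condition in the rule matches the packet."""
    return (addr_matches(rule["src"], rule["src_mask"], pkt["src"])
            and addr_matches(rule["dst"], rule["dst_mask"], pkt["dst"])
            and port_matches(rule["dport"], rule.get("dport_end"), pkt["dport"])
            and flags_match(rule["flags"], rule["flag_mask"], pkt["flags"]))

# Constructed rule: TCP from 192.168.1.0 255.255.255.0 to any, destination ports
# 80-88, control-flag 2 18 (SYN must be set, ACK must be clear; other flags ignored).
RULE = {"src": "192.168.1.0", "src_mask": "255.255.255.0",
        "dst": "0.0.0.0", "dst_mask": "0.0.0.0",
        "dport": 80, "dport_end": 88,
        "flags": SYN, "flag_mask": SYN | ACK}

def sample_packet(src, dport, flags):
    """Build a constructed test packet addressed to a fixed example destination."""
    return {"src": src, "dst": "10.0.0.5", "dport": dport, "flags": flags}
```

Choosing the flag-bitmask is the step that most often goes wrong: a mask of 2 alone would also match SYN+ACK replies, while 18 restricts the rule to connection-opening segments.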