Cisco Cisco Packet Data Interworking Function (PDIF)
ACL Configuration Mode Commands
deny/permit (by TCP/UDP packets) ▀
Command Line Interface Reference, StarOS Release 16 ▄
261
deny/permit (by TCP/UDP packets)
Filters subscriber sessions based on the transmission control protocol/user datagram protocol packets sent by the source
to the mobile node or the network.
to the mobile node or the network.
Product
All
Privilege
Security Administrator, Administrator
Mode
Exec > Global Configuration > Context Configuration > ACL Configuration
configure > context context_name > ip access-list acl_name
Entering the above command sequence results in the following prompt:
[context_name]host_name(config-acl)#
Syntax
{ deny | permit } [ log ] { tcp | udp } { { source_address source_wildcard | any | host
source_host_address } [ eq source_port | gt source_port | lt source_port | neq
source_port ] } { { dest_address dest_wildcard | any | host dest_host_address } [ eq
dest_port | gt dest_port | lt dest_port | neq dest_port | range start_port end_port ] }
source_host_address } [ eq source_port | gt source_port | lt source_port | neq
source_port ] } { { dest_address dest_wildcard | any | host dest_host_address } [ eq
dest_port | gt dest_port | lt dest_port | neq dest_port | range start_port end_port ] }
after { deny | permit } [ log ] { tcp | udp } { { source_address source_wildcard | any |
host source_host_address } [ eq source_port | gt source_port | lt source_port | neq
source_port ] } { { dest_address dest_wildcard | any | host dest_host_address } [ eq
dest_port | gt dest_port | lt dest_port | neq dest_port | range start_port end_port ] }
host source_host_address } [ eq source_port | gt source_port | lt source_port | neq
source_port ] } { { dest_address dest_wildcard | any | host dest_host_address } [ eq
dest_port | gt dest_port | lt dest_port | neq dest_port | range start_port end_port ] }
before { deny | permit } [ log ] { tcp | udp } { { source_address source_wildcard | any |
host source_host_address } [ eq source_port | gt source_port | lt source_port | neq
source_port ] } { { dest_address dest_wildcard | any | host dest_host_address } [ eq
dest_port | gt dest_port | lt dest_port | neq dest_port | range start_port end_port ] }
host source_host_address } [ eq source_port | gt source_port | lt source_port | neq
source_port ] } { { dest_address dest_wildcard | any | host dest_host_address } [ eq
dest_port | gt dest_port | lt dest_port | neq dest_port | range start_port end_port ] }
no { deny | permit } [ log ] { tcp | udp } { { source_address source_wildcard | any |
host source_host_address } [ eq source_port | gt source_port | lt source_port | neq
source_port ] } { { dest_address dest_wildcard | any | host dest_host_address } [ eq
dest_port | gt dest_port | lt dest_port | neq dest_port | range start_port end_port ] }
host source_host_address } [ eq source_port | gt source_port | lt source_port | neq
source_port ] } { { dest_address dest_wildcard | any | host dest_host_address } [ eq
dest_port | gt dest_port | lt dest_port | neq dest_port | range start_port end_port ] }
after
Indicates all rules defined subsequent to this command are to be inserted after the command identified by the
exact options listed.
This moves the insertion point to be immediately after the rule which matches the exact options specified
such that new rules will be added, in order, after the matching rule.
exact options listed.
This moves the insertion point to be immediately after the rule which matches the exact options specified
such that new rules will be added, in order, after the matching rule.
Important:
If the options specified do not exactly match an existing rule, the insertion point does not change.