Defining Access Control Lists
The IP Based ACL Modify Page contains the following fields:
■ Selection ACL — Selects the ACL to be modified.
Modify Rule
■ Priority — Defines the ACL priority. ACLs are checked on a first-fit
basis. The ACL priority defines the ACL order in the ACL list.
■ Protocol — Indicates the protocol in the ACE to which the packet is
matched.
■ Select from List — Selects a protocol from a list on which the ACE can
be based.
■ Protocol ID — Adds user-defined protocols by which packets are
matched to the ACE. Each protocol has a specific protocol number
which is unique. The possible field range is 0-255.
■ Source Port — Enables creating an ACL based on a specific protocol.
■ Any — Enables creating an ACL based on any protocol.
■ Destination Port — Indicates the destination port against which packets
are matched. Enabled only when TCP or UDP is selected in the Protocol
list.
■ Any — Enables creating an ACL based on any protocol.
■ TCP Flags — If checked, enables configuration of TCP flags matched
to the packet. The possible fields are:
■ Urg — Urgent pointer field significant. The urgent pointer points to
the sequence number of the octet following the urgent data.
■ Ack — Acknowledgement field significant. The acknowledgement
field is the byte number of the next byte that the sender expects to
receive from the receiver.
■ Psh — Push (send) the data as soon as possible, without buffering.
This is used for interactive traffic.
■ Rst — Reset the connection. This invalidates the sequence numbers
and aborts the session between the sender and receiver.
■ Syn — Synchronize Initial Sequence Numbers (ISNs). This is used to
initialize a new connection.
■ Fin — Finish. This indicates there is no more data from the sender.
This marks a normal closing of the session between the sender and
receiver.
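
The following is an added example, not taken from the manual or the device firmware: a small Python model of first-fit ACE evaluation over the Protocol, Destination Port and TCP Flags fields described above. It assumes that a lower Priority value is checked first, that each ACE carries a permit/deny action, that a flag can be required set or unset, that TCP Flags apply only to TCP, and that unmatched packets are denied; the packet dictionaries and the sample ACL are constructed.

```python
from dataclasses import dataclass, field
from typing import Optional

# TCP header flag bits (RFC 793); names follow the TCP Flags list above.
FLAG_BITS = {"Fin": 0x01, "Syn": 0x02, "Rst": 0x04, "Psh": 0x08, "Ack": 0x10, "Urg": 0x20}
TCP, UDP = 6, 17  # IANA protocol numbers

@dataclass
class Ace:
    priority: int                    # assumption: lower value is checked first
    action: str                      # assumption: "permit" or "deny"
    protocol: Optional[int] = None   # None = Any, otherwise Protocol ID 0-255
    dst_port: Optional[int] = None   # None = Any
    flags: dict = field(default_factory=dict)  # e.g. {"Syn": True, "Ack": False}

    def __post_init__(self):
        if self.protocol is not None and not 0 <= self.protocol <= 255:
            raise ValueError("Protocol ID must be in the range 0-255")
        if self.dst_port is not None and self.protocol not in (TCP, UDP):
            raise ValueError("Destination Port requires TCP or UDP")
        if self.flags and self.protocol != TCP:
            raise ValueError("TCP Flags require TCP")  # assumption

    def matches(self, pkt: dict) -> bool:
        if self.protocol is not None and pkt["protocol"] != self.protocol:
            return False
        if self.dst_port is not None and pkt.get("dst_port") != self.dst_port:
            return False
        bits = pkt.get("tcp_flags", 0)
        # Every configured flag must have exactly the requested state.
        return all(bool(bits & FLAG_BITS[n]) == want for n, want in self.flags.items())

def evaluate(acl, pkt, default="deny"):
    """Return the action of the first ACE that matches, in priority order."""
    for ace in sorted(acl, key=lambda a: a.priority):
        if ace.matches(pkt):
            return ace.action  # first fit: later ACEs are never consulted
    return default  # assumption: packets matching no ACE are denied

# Constructed sample ACL: allow return traffic, block new Telnet sessions,
# allow all other TCP.
ACL = [
    Ace(priority=1, action="permit", protocol=TCP, flags={"Ack": True}),
    Ace(priority=2, action="deny", protocol=TCP, dst_port=23, flags={"Syn": True}),
    Ace(priority=3, action="permit", protocol=TCP),
]
```

Because evaluation stops at the first match, moving the broad priority-3 permit ahead of the priority-2 deny would let new Telnet connections through without changing any individual rule.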