access-list
This command configures the Firewall table, which lets you define firewall rules for filtering network traffic.
Syntax
(config-network)# access-list <Index>
(access-list-<Index>)#
Command | Description |
---|---|
Index | Defines the table row index. |
allow-type {allow|block} | Defines the firewall action if the rule is matched. |
byte-burst | Defines the allowed traffic burst in bytes. |
byte-rate | Defines the allowed traffic bandwidth in bytes per second. |
description | Defines a brief description for the rule. |
end-port | Defines the destination ending port. |
network-interface-name | Defines the IP Network Interface (string) for which the rule applies. |
packet-size | Defines the maximum allowed packet size. |
prefixLen | Defines the prefix length of the source IP address (defining a subnet). |
protocol | Defines the IP user-level protocol. |
source-ip | Defines the source IP address from where the packets are received. |
src-port | Defines the source port from where the packets are received. |
start-port | Defines the destination starting port. |
use-specific-interface {disable|enable} | Use the rule for a specific interface or for all interfaces. |
Command Mode
Privileged User
Example
This example configures a firewall rule allowing a maximum packet size of 1500 bytes on the "ITSP" network interface:
(config-network)# access-list 0
(access-list-0)# network-interface-name ITSP
(access-list-0)# allow-type allow
(access-list-0)# packet-size 1500
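An added example, not part of the original reference or of the vendor's tooling: a Python check that reads a saved CLI transcript of access-list rows and flags parameter names or values that do not match the table above, plus a destination port range whose start exceeds its end. The function name `audit`, the sample transcript, and the treatment of the rate, size, prefix and port parameters as integers are assumptions.

```python
import re

# Names and enumerations come from the page's table. Assumption: the NUMERIC
# parameters take non-negative integers (the page gives no value formats).
PARAMS = {"allow-type", "byte-burst", "byte-rate", "description", "end-port",
          "network-interface-name", "packet-size", "prefixLen", "protocol",
          "source-ip", "src-port", "start-port", "use-specific-interface"}
ENUMS = {"allow-type": {"allow", "block"}, "use-specific-interface": {"disable", "enable"}}
NUMERIC = {"byte-burst", "byte-rate", "end-port", "packet-size", "prefixLen",
           "src-port", "start-port"}
ENTER = re.compile(r"\(config-network\)#\s+access-list\s+(\d+)$")
SET = re.compile(r"\(access-list-(\d+)\)#\s+(\S+)(?:\s+(.*))?$")

def audit(text):
    """Return (rules, problems) for a CLI transcript of access-list rows."""
    rules, problems, row = {}, [], None
    for n, line in enumerate(map(str.strip, text.splitlines()), 1):
        enter, m = ENTER.match(line), SET.match(line)
        if enter:  # "(config-network)# access-list <Index>" opens a row
            row = int(enter.group(1))
            rules.setdefault(row, {})
        elif line and (not m or int(m.group(1)) != row):
            problems.append(f"line {n}: not inside the current access-list row")
        elif line:
            key, value = m.group(2), (m.group(3) or "").strip('"')
            if key not in PARAMS:
                problems.append(f"line {n}: unknown parameter '{key}'")
            elif key in ENUMS and value not in ENUMS[key]:
                problems.append(f"line {n}: {key} must be one of {sorted(ENUMS[key])}")
            elif key in NUMERIC and not re.fullmatch(r"\d+", value):
                problems.append(f"line {n}: {key} needs an integer, got '{value}'")
            else:
                rules[row][key] = int(value) if key in NUMERIC else value
    for row, r in sorted(rules.items()):
        if "start-port" in r and "end-port" in r and r["start-port"] > r["end-port"]:
            problems.append(f"row {row}: start-port is greater than end-port")
    return rules, problems

# Constructed sample: row 0 mirrors the page's example, row 1 holds two mistakes.
SAMPLE = """\
(config-network)# access-list 0
(access-list-0)# network-interface-name ITSP
(access-list-0)# allow-type allow
(access-list-0)# packet-size 1500
(config-network)# access-list 1
(access-list-1)# allow-type permit
(access-list-1)# start-port 6000
(access-list-1)# end-port 5000
"""
```

Calling `audit(SAMPLE)` returns the parsed rows and a list of problems; values that fail a check are left out of the parsed row.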