[c-nsp] cisco ACL filter outbound only
Brian Turnbow
b.turnbow at twt.it
Tue Sep 15 12:10:01 EDT 2020
>
> Again, the cli seems to indicate support for all the things necessary, which
> includes the idea of 'established', which is why I ask if THIS platform does in
> fact do what the cli suggests:
>
No it doesn't
You need to understand what established does.
It matches TCP datagrams with ACK or RST set . That is it.
Here is a manual regarding setting up acls that may help you
https://www.cisco.com/c/en/us/td/docs/ios-xml/ios/sec_data_acl/configuration/xe-3s/sec-data-acl-xe-3s-book/sec-create-ip-apply.html
Brian
More information about the cisco-nsp
mailing list