<div dir="ltr">HI,<div><span style="font-family:sans-serif;font-size:12.8px">seq 96 permit tcp host xx.xx.xx.xx any eq 88 class Permit</span><br style="font-family:sans-serif;font-size:12.8px"><span style="font-family:sans-serif;font-size:12.8px">seq 97 permit tcp host yy.yy.yy.yy any eq 88 class Permit</span> <br><div><span style="font-family:sans-serif;font-size:12.8px">seq 98 permit tcp any any eq 88 class Deny</span><br style="font-family:sans-serif;font-size:12.8px"><br></div><div>"</div><div class="gmail-body-content" id="gmail-content"><h3><a name="i1138843"></a><a name="_C4"></a><span class="gmail-CHAPNUMBER">1.1.2 </span><span class="gmail-CHAPTITLE"><a name="id_eovj"></a><a name="CHAPTER1.1.2" class="gmail-CHAPLINK" href="http://localhost:9032/alexserv?AC=LINK&ID=26857&FN=35_1543-CRA1191170_1-V1Uen.M.html&PA=access-list&ST=FULLTEXT#TOP">IP ACL Statements (Rules)</a></span></h3></div><div>In <a title="Internet Protocol" class="gmail-glossexpansion">IP</a> <a title="Access Control List" class="gmail-glossexpansion">ACLs</a>, each rule defines the action, either permit or deny, to be taken for a packet if the packet satisfies the rule. A <tt class="gmail-input"><b>permit</b></tt> statement causes any packet matching the criteria to be accepted. A <tt class="gmail-input"><b>deny</b></tt> statement causes any packet matching the criteria to be dropped. A packet that does not match the criteria of the first statement is subjected to the criteria of the second statement, and so on, until the end of the <a title="Internet Protocol" class="gmail-glossexpansion">IP</a> <a title="Access Control List" class="gmail-glossexpansion">ACL</a> is reached; at which point, the packet is dropped due to an implicit <tt class="gmail-input"><b>deny any any</b></tt> statement at the end of every <a title="Internet Protocol" class="gmail-glossexpansion">IP</a> <a title="Access Control List" class="gmail-glossexpansion">ACL</a>."</div></div></div><br><div class="gmail_quote"><div dir="ltr" class="gmail_attr">пт, 12 июл. 2019 г. в 11:49, Bartek Mickiewicz <<a href="mailto:bmtych@gmail.com">bmtych@gmail.com</a>>:<br></div><blockquote class="gmail_quote" style="margin:0px 0px 0px 0.8ex;border-left:1px solid rgb(204,204,204);padding-left:1ex"><div dir="auto">Hi,<div dir="auto">I'm having problem with policy access-list. I want to block all incoming connections to port 88 and allow two IP addresses to access that port. </div><div dir="auto">I've tried:</div><div dir="auto"><span style="font-family:sans-serif;font-size:12.8px">seq 98 permit tcp any any eq 88 class Deny</span><br style="font-family:sans-serif;font-size:12.8px"><span style="font-family:sans-serif;font-size:12.8px">seq 103 permit tcp host xx.xx.xx.xx any eq 88 class Permit</span><br style="font-family:sans-serif;font-size:12.8px"><span style="font-family:sans-serif;font-size:12.8px">seq 103 permit tcp host yy.yy.yy.yy any eq 88 class Permit</span><br></div></div>
_______________________________________________<br>
redback-nsp mailing list<br>
<a href="mailto:redback-nsp@puck.nether.net" target="_blank">redback-nsp@puck.nether.net</a><br>
<a href="https://puck.nether.net/mailman/listinfo/redback-nsp" rel="noreferrer" target="_blank">https://puck.nether.net/mailman/listinfo/redback-nsp</a><br>
</blockquote></div>