ACL Rule Syntax

An ACL rule entry consists of:
  • A rule entry name, unique within the same ACL policy file or among Dynamic ACLs.
  • Zero or more match conditions.
  • Zero or one action (permit or deny). If no action is specified, the packet is permitted by default.
  • Zero or more action modifiers.

Each rule entry uses the following syntax:

entry <ACLrulename> {
	if {
		<match-conditions>;
	} then {
		<action>;
		<action-modifiers>;
	}
}

The following is an example of a rule entry:

entry udpacl {
	if {
		source-address 10.203.134.0/24;
		destination-address 140.158.18.16/32;
		protocol udp;
		source-port 190;
		destination-port 1200 - 1250;
	} then {
		permit;
	}
}
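As an added example (not part of this document or of the switch software it describes), the following Python parses a rule entry written in the syntax above and evaluates a packet against its match conditions, including the permit-by-default behaviour when no action is given and the "lo - hi" port-range form. The packet dictionary keys (src, dst, proto, sport, dport) and the set of supported match conditions are assumptions of this example.

```python
import ipaddress
import re

RULE = """entry udpacl {
    if {
        source-address 10.203.134.0/24;
        destination-address 140.158.18.16/32;
        protocol udp;
        source-port 190;
        destination-port 1200 - 1250;
    } then {
        permit;
    }
}"""  # constructed sample: the rule entry shown above, retyped so this block runs offline

# entry <name> { if { <conditions> } then { <action>; <modifiers> } }
ENTRY_RE = re.compile(r"entry\s+(?P<name>\S+)\s*\{\s*if\s*\{(?P<cond>[^}]*)\}\s*then\s*\{(?P<act>[^}]*)\}\s*\}")

def parse_rule(text):
    """Return (name, conditions, action, modifiers) for one rule entry."""
    m = ENTRY_RE.search(text)
    if not m:
        raise ValueError("not a valid ACL rule entry")
    cond_stmts, act_stmts = ([s.strip() for s in m.group(g).split(";") if s.strip()] for g in ("cond", "act"))
    conds = {k: v for k, v in ((s.split(None, 1) + [""])[:2] for s in cond_stmts)}
    action = next((a for a in act_stmts if a in ("permit", "deny")), "permit")  # no action given -> permit
    modifiers = [a for a in act_stmts if a not in ("permit", "deny")]
    return m.group("name"), conds, action, modifiers

def _port_ok(spec, port):
    """Match a single port ('190') or an inclusive range ('1200 - 1250')."""
    lo, _, hi = spec.partition("-")
    return int(lo) <= port <= int(hi or lo)

def evaluate(rule, pkt):
    """Return the rule's action if every match condition holds, else None (rule not hit)."""
    _, conds, action, _ = rule
    checks = {
        "source-address": lambda v: ipaddress.ip_address(pkt["src"]) in ipaddress.ip_network(v, strict=False),
        "destination-address": lambda v: ipaddress.ip_address(pkt["dst"]) in ipaddress.ip_network(v, strict=False),
        "protocol": lambda v: pkt["proto"] == v,
        "source-port": lambda v: _port_ok(v, pkt["sport"]),
        "destination-port": lambda v: _port_ok(v, pkt["dport"]),
    }
    for key, value in conds.items():
        if not checks[key](value):  # KeyError for a condition this example does not model
            return None
    return action
```

A rule with an empty if block has no conditions, so every packet matches it; combined with the default action that means it permits everything, which is worth checking for when reviewing a policy file.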

An ACL rule is evaluated as follows: