ACL Rule Syntax

An ACL rule entry consists of:
  • A rule entry name, unique within the same ACL policy file or among Dynamic ACLs.
  • Zero or more match conditions.
  • Zero or one action (permit or deny). If no action is specified, the packet is permitted by default.
  • Zero or more action modifiers.

Each rule entry uses the following syntax:

entry <ACLrulename> {
	if {
		<match-conditions>;
	} then {
		<action>; <action-modifiers>;
	}
}

The following is an example of a rule entry:

entry udpacl {
	if {
		protocol udp;
		source-port 190;
		destination-port 1200 - 1250;
	} then {
	}
}
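
The structural rules listed above (unique entry name, at most one action, permit when no action is given) can be checked before a policy is loaded. The following Python linter is an added example, not part of the original page or of any vendor tooling. It assumes the flat entry form shown here, with no comments or nested braces; apart from the page's `udpacl` match conditions, the sample policy, including the `count c1` modifier, is constructed.

```python
import re

# Grammar as given on this page: entry <name> { if { ...; } then { ...; } }
ENTRY_RE = re.compile(
    r"entry\s+(?P<name>[\w-]+)\s*\{\s*if\s*\{(?P<cond>[^{}]*)\}\s*"
    r"then\s*\{(?P<then>[^{}]*)\}\s*\}"
)
ACTIONS = {"permit", "deny"}

# Constructed sample policy: udpacl reuses this page's match conditions; the rest is made up.
SAMPLE = """
entry udpacl {
    if { protocol udp; source-port 190; destination-port 1200 - 1250; }
    then { }
}
entry tcpacl {
    if { protocol tcp; } then { deny; permit; }
}
entry udpacl {
    if { protocol udp; } then { deny; count c1; }
}
"""


def statements(body):
    """Split a brace body into its ';'-terminated statements."""
    return [s.strip() for s in body.split(";") if s.strip()]


def lint_policy(text):
    """Parse rule entries and return (entries, findings)."""
    entries, findings, seen = [], [], set()
    for m in ENTRY_RE.finditer(text):
        name, then = m.group("name"), statements(m.group("then"))
        actions = [s for s in then if s in ACTIONS]
        if name in seen:
            findings.append(f"{name}: rule entry name is not unique")
        seen.add(name)
        if len(actions) > 1:
            findings.append(f"{name}: more than one action")
        if not actions:
            findings.append(f"{name}: no action, packet is permitted by default")
        entries.append({
            "name": name,
            "match": statements(m.group("cond")),
            "action": actions[0] if actions else "permit",
            "modifiers": [s for s in then if s not in ACTIONS],
        })
    return entries, findings
```

Calling `lint_policy(SAMPLE)` returns the parsed entries together with one finding per violated rule, so an entry that permits traffic only because its action was left out shows up during review.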

An ACL rule is evaluated as follows: