22.3. Examples of IPACL configuration

22.3. Examples of IPACL configuration
	Chapter 22. IPACL - IP Access Control List

22.3.1. IP packets blocking

In this example is shown how to block the connections from the IP address 192.168.20.1 to the Abilis HTTP service (i.e. IP address 192.168.20.253).

[15:54:19] ABILIS_CPX:a ipacl pr:0 type:deny prot:tcp sa:192.168.20.1 spo:* da:192.168.20.253 dpo:80

COMMAND EXECUTED

[15:54:21] ABILIS_CPX:d ipacl

IPRTR resource parameters:  ACL:EXT       ACLBYPASS:#
                            COS:ENABLED   COSDFT:NORMAL

- Not Saved (SAVE CONF) -------------------------------------------------------

Tot-IPACL-Number:1

-------------------------------------------------------------------------------
PR: [DESCR:]
    TYPE:  SA:                               DA:
    IPCOS: PROT:                  SPO:/PO:               DPO:
    TOS-IN:        TOS-OUT:       SIP:   DIP:   CRDIR:   CRKEY:
    TI:
-------------------------------------------------------------------------------
0   DENY   192.168.020.001                   192.168.020.253
           tcp                    *                      http(80)
-------------------------------------------------------------------------------

22.3.2. Giving High Priority to VoIP packets

In the following example is shown how to assign the highest priority to the voice IP packets, when data and voice share the same line.

[16:16:35] ABILIS_CPX:a ipacl pr:0 type:permit ipcos:high tos-in:*-d prot:udp sa:* da:* sip:int spo:* dpo:*

COMMAND EXECUTED

[16:16:35] ABILIS_CPX:d ipacl

IPRTR resource parameters:  ACL:EXT       ACLBYPASS:#
                            COS:ENABLED   COSDFT:NORMAL

Tot-IPACL-Number:1

-------------------------------------------------------------------------------
PR: [DESCR:]
    TYPE:  SA:                               DA:
    IPCOS: PROT:                  SPO:/PO:               DPO:
    TOS-IN:        TOS-OUT:       SIP:   DIP:   CRDIR:   CRKEY:
    TI:
-------------------------------------------------------------------------------
0   PERMIT *                                 *
    HIGH   udp                    *                      *
    *-D            *              INT    *      NONE
-------------------------------------------------------------------------------

This rule means that all the packets with any IP source address and any UDP port, marked as “Minimum Delay” (TOS-IN:*-D) must be sent with HIGH priority, leaving the same value of TOS (TOS-OUT:*).


22.2. IPACL management		Chapter 23. RIP - Routing Information Protocol