29.3. Examples of IPACL configuration

29.3.1. IP packets blocking

In this example is shown how to block the connections from the IP address 192.168.20.1 to the Abilis HTTP service (i.e. IP address 192.168.20.253).

[15:54:19] ABILIS_CPX:a ipacl pr:0 type:deny prot:tcp sa:192.168.20.1 spo:* da:192.168.20.253 dpo:80

COMMAND EXECUTED

[15:54:21] ABILIS_CPX:d ipacl

IPRTR resource parameters:  ACL:YES       ACLBYPASS:#
                            COS:ENABLED   COSDFT:NORMAL

- Not Saved (SAVE CONF) -------------------------------------------------------
Tot-IPACL-Number:1

-------------------------------------------------------------------------------
PR: [DESCR:]
    TYPE:  SA:                             PROT:              ICMP-TYPE:
    IPCOS: DA:                             SPO:/PO:           DPO:
    TOS-O: TOS-I:                          SRES:              DRES:
           TI:
-------------------------------------------------------------------------------
0   DENY   192.168.020.001                 tcp                
    DFT    192.168.020.253                 *                  http(80)
-------------------------------------------------------------------------------

29.3.2. Giving High Priority to VoIP packets

In the following example is shown how to assign the highest priority to the voice IP packets, when data and voice share the same line.

[16:16:35] ABILIS_CPX:a ipacl pr:0 type:permit ipcos:high tos-i:*-d prot:udp sa:* da:* sres:int spo:* dpo:*

COMMAND EXECUTED

[16:16:35] ABILIS_CPX:d ipacl

IPRTR resource parameters:  ACL:YES       ACLBYPASS:#
                            COS:ENABLED   COSDFT:NORMAL

- Not Saved (SAVE CONF) -------------------------------------------------------
Tot-IPACL-Number:2

-------------------------------------------------------------------------------
PR: [DESCR:]
    TYPE:  SA:                             PROT:              ICMP-TYPE:
    IPCOS: DA:                             SPO:/PO:           DPO:
    TOS-O: TOS-I:                          SRES:              DRES:
           TI:
-------------------------------------------------------------------------------
0   PERMIT *                               udp                
    HIGH   *                               *                  *
    *      *-D                             INT                *
-------------------------------------------------------------------------------

This rule means that all the packets with any IP source address and any UDP port, marked as “Minimum Delay” (TOS-I:*-D) must be sent with HIGH priority, leaving the same value of TOS (TOS-O:*).