| 29.3. Examples of IPACL configuration | ||
|---|---|---|
 | Chapter 29. IPACL - IP Access Control List |  |
| 29.3. Examples of IPACL configuration | ||
|---|---|---|
| | Chapter 29. IPACL - IP Access Control List | |
In this example is shown how to block the connections from the IP address 192.168.20.1 to the Abilis HTTP service (i.e. IP address 192.168.20.253).
[15:54:19] ABILIS_CPX:a ipacl pr:2 type:deny prot:tcp sa:192.168.20.1 spo:* da:192.168.20.253 dpo:80COMMAND EXECUTED [15:54:21] ABILIS_CPX:d ipaclIPRTR parameters: ACL:YES ACLBYPASS:# ACL-FIREWALL:YES COS:ENABLED COSDFT:NORMAL - Not Saved (SAVE CONF) ------------------------------------------------------- Tot-IPACL-Number:3 ------------------------------------------------------------------------------- PR: [DESCR:] TYPE: SA: PROT: ICMP-TYPE: IPCOS: DA: SPO:/PO: DPO: TOS-O: TOS-I: SRES: DRES: RES-O: TI: ALERT: ------------------------------------------------------------------------------- 0 [Deny forwarding from hosts matching Firewall rule] DENY 'Firewall' * * DFT * * ------------------------------------------------------------------------------- 1 [Deny forwarding to hosts matching Firewall rule] DENY * * * DFT 'Firewall' * ------------------------------------------------------------------------------- 2 DENY 192.168.020.001 tcp DFT 192.168.020.253 * http(80) -------------------------------------------------------------------------------
In the following example is shown how to assign the highest priority to the voice IP packets, when data and voice share the same line.
[16:16:35] ABILIS_CPX:a ipacl pr:2 type:permit ipcos:high tos-i:*-d prot:udp sa:* da:* sres:int spo:* dpo:*COMMAND EXECUTED [16:16:35] ABILIS_CPX:d ipaclIPRTR parameters: ACL:YES ACLBYPASS:# ACL-FIREWALL:YES COS:ENABLED COSDFT:NORMAL - Not Saved (SAVE CONF) ------------------------------------------------------- Tot-IPACL-Number:3 ------------------------------------------------------------------------------- PR: [DESCR:] TYPE: SA: PROT: ICMP-TYPE: IPCOS: DA: SPO:/PO: DPO: TOS-O: TOS-I: SRES: DRES: RES-O: TI: ALERT: ------------------------------------------------------------------------------- 0 [Deny forwarding from hosts matching Firewall rule] DENY 'Firewall' * * DFT * * ------------------------------------------------------------------------------- 1 [Deny forwarding to hosts matching Firewall rule] DENY * * * DFT 'Firewall' * ------------------------------------------------------------------------------- 2 PERMIT * udp HIGH * * * * *-D INT * -------------------------------------------------------------------------------
This rule means that all the packets with any IP source address
and any UDP port, marked as “Minimum Delay”
(TOS-I:*-D) must be sent with HIGH
priority, leaving the same value of TOS
(TOS-O:*).
| |  | |
| 29.2. IPACL management |  | Chapter 30. IPBAN |