RuleNumber, SrcIpAddress, DstIpAddress, SrcPortList, DstPortList (in that order).
If a Device does not supply rule numbers, the Device driver will generate them automatically so as to keep the rules in proper order).
AclGroupedRule attributes lists attributes supported in AclGroupedRule.
| Display name |
Type |
Description |
|---|---|---|
| Ack |
Boolean |
ACK tcp-flag. |
| AclRuleDescription |
String |
User description of rule. (Most devices do not implement this.) |
| Action |
String |
Action to be taken if the rule matches. |
| ActionTarget |
String |
Device package specific target for the action that was specified. |
| AhSpiExceptList |
ListObject |
Except these AH SPI values |
| AhSpiList |
ListObject |
Ah Spi values. |
| ApplyGroupsExceptList |
ListObject |
Apply group’s exception list. |
| ApplyGroupsList |
ListObject |
Apply Groups List Object. |
| DscpExceptList |
ListObject |
Except these dscp values |
| DscpList |
ListObject |
Diff-serve code point. Small integer value. |
| DstAddressTypeList |
ListObject |
List of possible destination address types. |
| DstInterface |
String |
Destination (egress) interface |
| DstIpAddress |
IpAddressString |
Destination IP address (IPV4 or IPV6). |
| DstIpCIDR |
IpAddressString |
Constructed IP conglomerate used for comparisons. To be implemented. |
| DstIpNetmask |
String |
Destination IP Net Mask (not a wild card). |
| DstMac |
String |
Destination MAC for layer 2 packets. |
| DstMacMACADDR |
String |
Constructed destination MAC for comparisons. |
| DstNetworkGroup |
String |
A Network Group name that contains a list of Network Addresses to be used for destination address matching in this rule. |
| DstPrefixList |
ListObject |
Destination prefix list. |
| DstPortGroup |
String |
A Port Group name that contains a list of Ports to be used for destination matching in this rule. |
| DstPortList |
ListObject |
Destination port range or single port value. |
| DynamicName |
String |
Name of dynamic ACL. |
| EspSpiExceptList |
ListObject |
Except these esp spi values |
| EspSpiList |
ListObject |
IP SEC ESP SPI List. |
| EthernetTypeList |
ListObject |
Ethernet type code. |
| Fin |
Boolean |
FIN tcp-flag. |
| ForwardingClassExceptList |
ListObject |
Except these forwarding classes. |
| ForwardingClassList |
ListObject |
Current forwarding class of packet. |
| FragmentFlagsList |
ListObject |
Fragment flags list. |
| FragOffsetExceptList |
ListObject |
Except these fragment offsets |
| FragOffsetRangeList |
ListObject |
Fragment offset range. |
| IcmpCodeExceptList |
ListObject |
ICMP code exceptions list. |
| IcmpCodeList |
ListObject |
ICMP code for ICMP packets. |
| IcmpMessage |
String |
ICMP message for ICMP packets. |
| IcmpTypeExceptList |
ListObject |
Except these ICMP types. |
| IcmpTypeList |
ListObject |
Type code for ICMP packets. |
| IgmpTypeList |
ListObject |
IGMP type code for IGMP packets. |
| InterfaceList |
ListObject |
Interfaces this ACL rule applies to. |
| IpOptionsExceptList |
ListObject |
List of IP option exceptions for this rule. |
| IpOptionsList |
ListObject |
List of IP options selected by this rule. |
| IpPrecedenceExceptList |
ListObject |
Except these ip precedence values |
| IpPrecedenceList |
ListObject |
IP precedence list |
| IpProtocolExceptList |
ListObject |
Except these IP protocol values. |
| IpProtocolList |
ListObject |
IP protocol list range or single value. |
| IsEstablished |
Boolean |
Boolean indication a TCP connection is established. |
| IsFragment |
Boolean |
Boolean indicating packet is a fragment. |
| IsInitial |
Boolean |
Is this an initial fragment in the packet |
| LogInput |
Boolean |
Boolean indicating input should be logged. |
| LogOptions |
String |
Logging options for this rule. |
| LogPackets |
Boolean |
Boolean indicating packets should be logged. |
| MacPrecedence |
Integer |
MAC precedence value. |
| MatchCount |
Long |
The match count for the rule in the Device. |
| PacketCounter |
String |
Name of the packet counter associated with this ACL rule. |
| PacketLengthExceptList |
ListObject |
Except these packet lengths |
| PacketLengthList |
ListObject |
Packet length of IP packet. |
| Psh |
Boolean |
PSH tcp-flag. |
| RedirectPortList |
ListObject |
Port number packets matching rule should be redirected to. |
| ReflexiveEvaluate |
String |
Evaluate the indicated reflexive ACL. |
| ReflexiveName |
String |
Name of the Reflexive ACL. |
| RejectAsDest |
Boolean |
Boolean to reject packet as if from the destination address |
| RejectCode |
Integer |
ICMP reject code that should be sent when packets match rule. |
| Rst |
Boolean |
RST tcp flag. |
| RuleName |
String |
The name of the rule, for Device classes that support named rules. |
| RuleNumber |
Integer |
Rule number with the ACL. |
| SetForwardingClass |
String |
Set matching packet’s forwarding class to specified field. |
| SetLossPriority |
String |
Set matching packets loss priority to specified field. |
| SetRateLimiter |
String |
Set matching packets rate limiter to specified field. |
| SrcAddressTypeList |
ListObject |
List of possible source address types. |
| SrcClassExceptList |
ListObject |
List of source class exceptions for this rule. |
| SrcClassList |
ListObject |
List of source classes for this rule. |
| SrcInterface |
String |
Source (ingress) interface |
| SrcIpAddress |
IpAddressString |
Source IP address in rule (IPV4 or IPV6). |
| SrcIpCIDR |
IpAddressString |
Constructed IP/mask conglomerate for address comparisons. |
| SrcIpNetmask |
String |
Source IP Net Mask (not a Wildcard). |
| SrcMac |
String |
Source MAC for layer 2 packets. |
| SrcMacMACADDR |
String |
Constructed source MAC operator for comparisons. |
| SrcNetworkGroup |
String |
The name of a Network Group that contains a list of IP network addresses to be used for source matching. |
| SrcPrefixList |
String |
List of source prefixes for this rule. |
| SrcPortGroup |
String |
The name of a Port Group that contains of list of ports used for source matching. |
| SrcPortList |
ListObject |
A list of source ports matched against the packet’s source port. |
| Syn |
Boolean |
SYN TCP flag. |
| TcpMssList |
ListObject |
List of possible TCP MSS values matching this rule. |
| TcpOptionList |
ListObject |
List of possible TCP options matching this rule. |
| TimeRange |
String |
Name of time range association. |
| TypeOfServiceList |
ListObject |
List of IP Type of Service values. |
| Urg |
Boolean |
URG TCP flag. |
