.. _clicmd_src_plugins_acl:

===============================================================
Acl cli reference
===============================================================

clear acl-plugin sessions
-------------------------------------------------------------------------

.. code-block:: console

    clear acl-plugin sessions


Declaration: ``aclplugin_clear_command`` `src/plugins/acl/acl.c line 3607 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3607>`_

Implementation: ``acl_clear_aclplugin_fn``


delete acl-plugin acl
-------------------------------------------------------------------------

.. code-block:: console

    delete acl-plugin acl index <idx>



Delete an Access Control List (ACL)
 Removes an ACL at the specified index, which must exist but not in use by
 any interface.



.. code-block:: console

    delete acl-plugin acl index <idx>



Declaration: ``aclplugin_delete_acl_command`` `src/plugins/acl/acl.c line 3665 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3665>`_

Implementation: ``acl_delete_aclplugin_acl_fn``


set acl-plugin
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin session timeout {{udp idle}|tcp {idle|transient}} <seconds>


Declaration: ``aclplugin_set_command`` `src/plugins/acl/acl.c line 3541 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3541>`_

Implementation: ``acl_set_aclplugin_fn``


set acl-plugin acl
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin acl [index <idx>] <permit|deny|permit+reflect> src <PREFIX> dst <PREFIX> [proto X] [sport X[-Y]] [dport X[-Y]] [tcpflags <int> mask <int>] [tag FOO] {use comma separated list for multiple rules}



Create an Access Control List (ACL)
 If index is not specified, a new one will be created. Otherwise, replace
 the one at this index.

 An ACL is composed of more than one Access control element (ACE). Multiple
 ACEs can be specified with this command using a comma separated list.

Each ACE describes a tuple of src+dst IP prefix, ip protocol, src+dst port
ranges. (the ACL plugin also support ICMP types/codes instead of UDP/TCP
ports, but this CLI does not).

An ACL can optionally be assigned a 'tag' - which is an identifier
understood by the client. VPP does not examine it in any way.



.. code-block:: console

    set acl-plugin acl <permit|deny|permit+reflect> src <PREFIX> dst <PREFIX> proto <TCP|UDP> sport <X-Y> dport <X-Y> tcpflags <X> mask <X> [tag FOO]



Declaration: ``aclplugin_set_acl_command`` `src/plugins/acl/acl.c line 3647 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3647>`_

Implementation: ``acl_set_aclplugin_acl_fn``


set acl-plugin interface
-------------------------------------------------------------------------

.. code-block:: console

    set acl-plugin interface <interface> <input|output> <acl INDEX> [del] 



[un]Apply an ACL to an interface.
 The ACL is applied in a given direction, either input or output.
 The ACL being applied must already exist.

``set acl-plugin interface <input|output> acl <index> [del]``


Declaration: ``aclplugin_set_interface_command`` `src/plugins/acl/acl.c line 3622 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3622>`_

Implementation: ``acl_set_aclplugin_interface_fn``


show acl-plugin acl
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin acl [index N]


Declaration: ``aclplugin_show_acl_command`` `src/plugins/acl/acl.c line 3547 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3547>`_

Implementation: ``acl_show_aclplugin_acl_fn``


show acl-plugin decode 5tuple
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin decode 5tuple XXXX XXXX XXXX XXXX XXXX XXXX


Declaration: ``aclplugin_show_decode_5tuple_command`` `src/plugins/acl/acl.c line 3565 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3565>`_

Implementation: ``acl_show_aclplugin_decode_5tuple_fn``


show acl-plugin interface
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin interface [sw_if_index N] [acl]


Declaration: ``aclplugin_show_interface_command`` `src/plugins/acl/acl.c line 3571 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3571>`_

Implementation: ``acl_show_aclplugin_interface_fn``


show acl-plugin lookup context
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin lookup context [index N]


Declaration: ``aclplugin_show_lookup_context_command`` `src/plugins/acl/acl.c line 3553 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3553>`_

Implementation: ``acl_show_aclplugin_lookup_context_fn``


show acl-plugin lookup user
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin lookup user [index N]


Declaration: ``aclplugin_show_lookup_user_command`` `src/plugins/acl/acl.c line 3559 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3559>`_

Implementation: ``acl_show_aclplugin_lookup_user_fn``


show acl-plugin macip acl
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin macip acl [index N]


Declaration: ``aclplugin_show_macip_acl_command`` `src/plugins/acl/acl.c line 3595 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3595>`_

Implementation: ``acl_show_aclplugin_macip_acl_fn``


show acl-plugin macip interface
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin macip interface


Declaration: ``aclplugin_show_macip_interface_command`` `src/plugins/acl/acl.c line 3601 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3601>`_

Implementation: ``acl_show_aclplugin_macip_interface_fn``


show acl-plugin memory
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin memory


Declaration: ``aclplugin_show_memory_command`` `src/plugins/acl/acl.c line 3577 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3577>`_

Implementation: ``acl_show_aclplugin_memory_fn``


show acl-plugin sessions
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin sessions


Declaration: ``aclplugin_show_sessions_command`` `src/plugins/acl/acl.c line 3583 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3583>`_

Implementation: ``acl_show_aclplugin_sessions_fn``


show acl-plugin tables
-------------------------------------------------------------------------

.. code-block:: console

    show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ]


Declaration: ``aclplugin_show_tables_command`` `src/plugins/acl/acl.c line 3589 <https://github.com/FDio/vpp/blob/master//src/plugins/acl/acl.c#L3589>`_

Implementation: ``acl_show_aclplugin_tables_fn``