ACL CLI reference

clear acl-plugin sessions

Declaration: aclplugin_clear_command src/plugins/acl/acl.c line 3584

Implementation: acl_clear_aclplugin_fn

delete acl-plugin acl

delete acl-plugin acl index <idx>
Delete an Access Control List (ACL)

Removes the ACL at the specified index. The ACL must exist and must not be in use by any interface.

delete acl-plugin acl index <idx>

Declaration: aclplugin_delete_acl_command src/plugins/acl/acl.c line 3641

Implementation: acl_delete_aclplugin_acl_fn

set acl-plugin

set acl-plugin session timeout {{udp idle}|tcp {idle|transient}} <seconds>

Declaration: aclplugin_set_command src/plugins/acl/acl.c line 3518

Implementation: acl_set_aclplugin_fn

set acl-plugin acl

set acl-plugin acl [index <idx>] <permit|deny|permit+reflect> src <PREFIX> dst <PREFIX> [proto X] [sport X[-Y]] [dport X[-Y]] [tcpflags <int> mask <int>] [tag FOO] {use comma separated list for multiple rules}
Create an Access Control List (ACL)

If index is not specified, a new ACL is created. Otherwise, the ACL at that index is replaced.

An ACL is composed of more than one Access Control Element (ACE). Multiple ACEs can be specified with this command using a comma-separated list.

Each ACE describes a tuple of src+dst IP prefix, IP protocol, and src+dst port ranges. (The ACL plugin also supports ICMP types/codes instead of UDP/TCP ports, but this CLI does not.)

An ACL can optionally be assigned a 'tag' - which is an identifier understood by the client. VPP does not examine it in any way.

set acl-plugin acl <permit|deny|permit+reflect> src <PREFIX> dst <PREFIX> proto <TCP|UDP> sport <X-Y> dport <X-Y> tcpflags <X> mask <X> [tag FOO]

Declaration: aclplugin_set_acl_command src/plugins/acl/acl.c line 3624

Implementation: acl_set_aclplugin_acl_fn

set acl-plugin interface

set acl-plugin interface <interface> <input|output> <acl INDEX> [del]
Apply an ACL to an interface, or remove it from the interface with del.

The ACL is applied in a given direction, either input or output. The ACL being applied must already exist.

set acl-plugin interface <input|output> acl <index> [del]

Declaration: aclplugin_set_interface_command src/plugins/acl/acl.c line 3599

Implementation: acl_set_aclplugin_interface_fn

show acl-plugin acl

show acl-plugin acl [index N]

Declaration: aclplugin_show_acl_command src/plugins/acl/acl.c line 3524

Implementation: acl_show_aclplugin_acl_fn

show acl-plugin decode 5tuple

show acl-plugin decode 5tuple XXXX XXXX XXXX XXXX XXXX XXXX

Declaration: aclplugin_show_decode_5tuple_command src/plugins/acl/acl.c line 3542

Implementation: acl_show_aclplugin_decode_5tuple_fn

show acl-plugin interface

show acl-plugin interface [sw_if_index N] [acl]

Declaration: aclplugin_show_interface_command src/plugins/acl/acl.c line 3548

Implementation: acl_show_aclplugin_interface_fn

show acl-plugin lookup context

show acl-plugin lookup context [index N]

Declaration: aclplugin_show_lookup_context_command src/plugins/acl/acl.c line 3530

Implementation: acl_show_aclplugin_lookup_context_fn

show acl-plugin lookup user

show acl-plugin lookup user [index N]

Declaration: aclplugin_show_lookup_user_command src/plugins/acl/acl.c line 3536

Implementation: acl_show_aclplugin_lookup_user_fn

show acl-plugin macip acl

show acl-plugin macip acl [index N]

Declaration: aclplugin_show_macip_acl_command src/plugins/acl/acl.c line 3572

Implementation: acl_show_aclplugin_macip_acl_fn

show acl-plugin macip interface

Declaration: aclplugin_show_macip_interface_command src/plugins/acl/acl.c line 3578

Implementation: acl_show_aclplugin_macip_interface_fn

show acl-plugin memory

Declaration: aclplugin_show_memory_command src/plugins/acl/acl.c line 3554

Implementation: acl_show_aclplugin_memory_fn

show acl-plugin sessions

Declaration: aclplugin_show_sessions_command src/plugins/acl/acl.c line 3560

Implementation: acl_show_aclplugin_sessions_fn

show acl-plugin tables

show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ]

Declaration: aclplugin_show_tables_command src/plugins/acl/acl.c line 3566

Implementation: acl_show_aclplugin_tables_fn