IP-ACL(1)               XR32 REFERENCE MANUAL                29/1/2013

COMMAND
        IP-ACL -- IP Access Control List Commands.

SYNOPSIS
        ACL PERMIT <src>[/bits][:port] <dst>[/bits][:port] [proto]
        ACL DENY <src>[/bits][:port] <dst>[/bits][:port] [proto]

AVAILABILITY
        The ACL commands are currently only available for use in
        IPROUTE.SYS file.

DESCRIPTION
        The ACL (Access Control List) commands specify "rules"
        which govern the IP source and destination address ranges
        that are allowed to be handled by XR32's IP router.

        These rules act like a "filter", allowing XR32 to handle
        selected IP addresses, whilst ignoring others.

        If no ACL rules are present, the default action is to
        handle all IP traffic without restriction.

        If one or more ACL rules is present, IP filtering is
        enabled. In this case, the default action is to block
        everything, unless it matches a PERMIT rule.

        The order in which the rules are specified is important.
        XR32 tests them in the specified order, and stops at the
        first match.

        Source and destination addresses, or ranges thereof,
        are specified in the form <address>[/bits][:port].

        <address> is a single IP address, or the base address of a
                  range, used in combination with [/bits] to specify
                  that range of addresses.

        [/bits]   is the number of leading bits of the <address> to be
                  compared with the source or destination addresses
                  of a datagram. If not specified it defaults to /32,
                  i.e. an exact match.

        [:port]   is an optional TCP or UDP port or "service" number.
                  If present, it specifies a single port, according
                  to [proto].  If the field is not present, or the
                  value is 0, the rule will match any port number.

        [proto]   is an optional IP protocol number (e.g. 6=TCP,
                  17=UDP). If present and non-zero, the rule is used
                  only if the protocol matches. If [proto] is
                  omitted, or is zero, the rule will be used for all
                  protocols.

        0.0.0.0/0  means "all addresses".

        0.0.0.0/32 is a special case meaning any of XR32's addresses.

OPTIONS
        ACL PERMIT specifies the source and destination addresses,
        or ranges thereof which are permitted to be handled by XR32.
        You may need to specify several rules in order to cover all
        the permutations.

        Any addresses not allowed by a PERMIT rule are
        automatically blocked.

        ACL DENY specifies the source and destination addresses,
        or ranges thereof which are NOT permitted to be handled by
        XR32. This rule allows you to block single addresses or
        ranges within a larger allowed range. Because XR32 stops at
        the first matching rule, such a DENY must be placed BEFORE
        the broader PERMIT it is meant to override; placed after it,
        the DENY is never reached for that traffic.

EXAMPLES
        ; Allow LAN sources to access any dest
        acl permit  192.168.0.0/16  0.0.0.0/0

        ; Allow 44 sources to access any dest
        acl permit  44.0.0.0/8 0.0.0.0/0

        ; Allow non-44 sources to access XR32 (e.g. axudp)
        acl permit  0.0.0.0/0 0.0.0.0/32

        ; Allow XR32 to access any dest
        acl permit  0.0.0.0/32 0.0.0.0/0

        ; Prevent non-44 sources from accessing 44 dests (other than
        ; those already permitted above; explicit, since unmatched
        ; traffic is blocked anyway once any ACL rule is present)
        acl deny   0.0.0.0/0 44.0.0.0/8
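
        The following is an added worked example, not part of the XR32
        manual or of XR32 itself: a small Python evaluator implementing
        the matching semantics described above (rules tested in order,
        first match wins, everything blocked once any rule exists,
        /32 and port 0 / proto 0 as defaults and wildcards, and
        0.0.0.0/32 meaning XR32's own addresses). It runs the EXAMPLES
        ruleset against a few constructed datagrams and also shows the
        DENY-before-PERMIT ordering rule. The set of "own" addresses,
        the sample datagrams, and the extra port-restricted ruleset are
        assumptions made for the example.

```python
"""Reference evaluator for XR32-style ACL rules (added example, not XR32 code)."""
from __future__ import annotations

import ipaddress
from dataclasses import dataclass

# Assumed addresses that "0.0.0.0/32" stands for in this example (constructed).
XR32_OWN_ADDRESSES = frozenset({"10.0.0.1", "44.131.1.1"})


@dataclass(frozen=True)
class Endpoint:
    network: ipaddress.IPv4Network  # range matched by <address>/bits
    port: int                       # 0 = any port
    is_self: bool                   # True for the special 0.0.0.0/32


@dataclass(frozen=True)
class Rule:
    action: str      # "PERMIT" or "DENY"
    src: Endpoint
    dst: Endpoint
    proto: int       # 0 = any IP protocol


def parse_endpoint(text: str) -> Endpoint:
    """Parse <address>[/bits][:port]; bits defaults to 32, port to 0 (any)."""
    port = 0
    if ":" in text:
        text, port_text = text.split(":", 1)
        port = int(port_text)
    bits = 32
    if "/" in text:
        text, bits_text = text.split("/", 1)
        bits = int(bits_text)
    addr = ipaddress.IPv4Address(text)
    is_self = addr == ipaddress.IPv4Address("0.0.0.0") and bits == 32
    # strict=False masks off host bits so 44.1.2.3/8 behaves like 44.0.0.0/8.
    return Endpoint(ipaddress.IPv4Network((addr, bits), strict=False), port, is_self)


def parse_rules(config: str) -> list[Rule]:
    """Parse 'ACL PERMIT|DENY <src> <dst> [proto]' lines; ';' lines are comments."""
    rules: list[Rule] = []
    for raw in config.splitlines():
        line = raw.strip()
        if not line or line.startswith(";"):
            continue
        parts = line.split()
        if len(parts) < 4 or parts[0].upper() != "ACL" or parts[1].upper() not in ("PERMIT", "DENY"):
            raise ValueError(f"malformed ACL line: {raw!r}")
        proto = int(parts[4]) if len(parts) > 4 else 0
        rules.append(Rule(parts[1].upper(), parse_endpoint(parts[2]), parse_endpoint(parts[3]), proto))
    return rules


def endpoint_matches(ep: Endpoint, addr: str, port: int, own: frozenset[str]) -> bool:
    addr_ok = addr in own if ep.is_self else ipaddress.IPv4Address(addr) in ep.network
    return addr_ok and (ep.port == 0 or ep.port == port)


def evaluate(rules: list[Rule], src: str, dst: str, proto: int,
             sport: int = 0, dport: int = 0, own: frozenset[str] = XR32_OWN_ADDRESSES) -> str:
    """Return 'PERMIT' or 'DENY' for one datagram. No rules at all means unrestricted."""
    if not rules:
        return "PERMIT"
    for rule in rules:
        if rule.proto and rule.proto != proto:
            continue
        if endpoint_matches(rule.src, src, sport, own) and endpoint_matches(rule.dst, dst, dport, own):
            return rule.action          # first match wins
    return "DENY"                       # implicit default once any rule exists


# Ruleset from the EXAMPLES section (deny source written as 0.0.0.0/0).
MANUAL_RULESET = """
acl permit  192.168.0.0/16  0.0.0.0/0
acl permit  44.0.0.0/8 0.0.0.0/0
acl permit  0.0.0.0/0 0.0.0.0/32
acl permit  0.0.0.0/32 0.0.0.0/0
acl deny    0.0.0.0/0 44.0.0.0/8
"""
# Constructed: a DENY carving one host out of 44/8, in the wrong and right order.
WRONG_ORDER = "acl permit 44.0.0.0/8 0.0.0.0/0\nacl deny 44.1.2.3 0.0.0.0/0\n"
RIGHT_ORDER = "acl deny 44.1.2.3 0.0.0.0/0\nacl permit 44.0.0.0/8 0.0.0.0/0\n"
# Constructed: only TCP port 22 to one own address from anywhere.
SSH_ONLY = "acl permit 0.0.0.0/0 44.131.1.1:22 6\n"


def demo() -> dict[str, str]:
    rules = parse_rules(MANUAL_RULESET)
    return {
        "lan_to_44": evaluate(rules, "192.168.1.5", "44.10.0.1", 6, 1234, 23),
        "internet_to_44": evaluate(rules, "203.0.113.7", "44.10.0.1", 6),
        "internet_to_self": evaluate(rules, "203.0.113.7", "44.131.1.1", 17, 0, 93),
        "self_to_anywhere": evaluate(rules, "10.0.0.1", "203.0.113.7", 1),
        "no_rules": evaluate([], "203.0.113.7", "44.10.0.1", 6),
        "wrong_order": evaluate(parse_rules(WRONG_ORDER), "44.1.2.3", "203.0.113.7", 6),
        "right_order": evaluate(parse_rules(RIGHT_ORDER), "44.1.2.3", "203.0.113.7", 6),
        "ssh_tcp22": evaluate(parse_rules(SSH_ONLY), "203.0.113.7", "44.131.1.1", 6, 40000, 22),
        "ssh_tcp23": evaluate(parse_rules(SSH_ONLY), "203.0.113.7", "44.131.1.1", 6, 40000, 23),
        "ssh_udp22": evaluate(parse_rules(SSH_ONLY), "203.0.113.7", "44.131.1.1", 17, 40000, 22),
    }


if __name__ == "__main__":
    for name, verdict in demo().items():
        print(f"{name:18s} {verdict}")
```

        The "wrong_order" case shows why a DENY that carves a hole out
        of a PERMIT must precede it: with the PERMIT first, 44.1.2.3 is
        accepted and the DENY is never consulted.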


FILES
        ACL commands are used in IPROUTE.SYS. If present, this
        file must be located in the same directory as XR32.EXE.

SEE ALSO
        IPROUTE.SYS -- IP Router Configuration File.

IP-ACL(1)                 END OF DOCUMENT