ip access-list standard filter

Use this command to configure an access control entry in an access control list (ACL).

This command determines whether to accept or drop a packet based on the configured source IP address.

Use the no form of this command to remove an ACL specification.

Command Syntax

(deny|permit) (A.B.C.D/M|A.B.C.D A.B.C.D|host A.B.C.D|any)
no (deny|permit) (A.B.C.D/M|A.B.C.D A.B.C.D|host A.B.C.D|any)

Parameter

deny

Drop the packet.

permit

Accept the packet.

A.B.C.D/M

Source IP prefix and length.

A.B.C.D A.B.C.D

Source IP address and mask.

host A.B.C.D

A single source host IP address.

any

Match any source IP address.

Default

deny 0.0.0.0/32 and deny host 0.0.0.0 - Deny a specific default route (blocking traffic to the exact host 0.0.0.0).

deny 0.0.0.0/0 - By default, this acts as deny any, blocking all traffic since 0.0.0.0/0 represents the entire IP space.

Command Mode

Standard IP access-list mode

Applicability

This command was introduced in OcNOS version 1.3.6.

Examples

#configure terminal
(config)#ip access-list standard ip-acl-01
(config-ip-acl-std)#permit 30.30.30.0/24
(config-ip-acl-std)#no permit 30.30.30.0/24

To deny access to only the specific host 0.0.0.0:

OcNOS(config)#ip access-list standard acl
OcNOS(config-ip-acl-std)#deny host 0.0.0.0
OcNOS(config-ip-acl-std)#commit
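
The difference between 0.0.0.0/32 (one source address) and 0.0.0.0/0 (every source address) can be checked offline before an ACL is committed. The following is an added example, not OcNOS code: it assumes entries are evaluated in order with the first match winning (this page does not state the ordering), skips the address-plus-mask form because the page does not say how the mask is interpreted, and uses hypothetical function names and constructed sample ACLs.

```python
import ipaddress

def parse_entry(line):
    """Parse '(deny|permit) (A.B.C.D/M|host A.B.C.D|any)' into (action, network)."""
    tokens = line.split()
    if len(tokens) < 2 or tokens[0] not in ("deny", "permit"):
        raise ValueError(f"not a standard ACL entry: {line!r}")
    action, spec = tokens[0], tokens[1:]
    if spec == ["any"]:
        net = ipaddress.IPv4Network("0.0.0.0/0")
    elif len(spec) == 2 and spec[0] == "host":
        net = ipaddress.IPv4Network(spec[1] + "/32")
    elif len(spec) == 1 and "/" in spec[0]:
        net = ipaddress.IPv4Network(spec[0], strict=False)
    else:
        # Address-plus-mask form: mask convention not given on the page.
        raise ValueError(f"unsupported source specification: {line!r}")
    return action, net

def evaluate(entries, source_ip):
    """Action of the first entry matching source_ip (assumed first-match),
    or None when no entry matches."""
    addr = ipaddress.IPv4Address(source_ip)
    for line in entries:
        action, net = parse_entry(line)
        if addr in net:
            return action
    return None

def shadowed(entries):
    """Entries that can never match because an earlier entry matches
    every source address ('any' or a /0 prefix)."""
    for i, line in enumerate(entries):
        if parse_entry(line)[1].prefixlen == 0:
            return entries[i + 1:]
    return []

# Constructed sample ACLs, not taken from a real device.
ACL_HOST = ["deny host 0.0.0.0", "permit 30.30.30.0/24"]
ACL_ALL = ["deny 0.0.0.0/0", "permit 30.30.30.0/24"]

if __name__ == "__main__":
    for name, acl in (("ACL_HOST", ACL_HOST), ("ACL_ALL", ACL_ALL)):
        for src in ("0.0.0.0", "30.30.30.7", "10.1.1.1"):
            print(name, src, evaluate(acl, src))
        print(name, "shadowed entries:", shadowed(acl))
```

With `deny 0.0.0.0/0` first, the later `permit 30.30.30.0/24` is reported as shadowed, which is the usual symptom of writing /0 where /32 or `host` was intended.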