.. _clicmd_src_plugins_acl: =============================================================== Acl cli reference =============================================================== clear acl-plugin sessions ------------------------------------------------------------------------- .. code-block:: console clear acl-plugin sessions Declaration: ``aclplugin_clear_command`` `src/plugins/acl/acl.c line 3566 `_ Implementation: ``acl_clear_aclplugin_fn`` set acl-plugin ------------------------------------------------------------------------- .. code-block:: console set acl-plugin session timeout {{udp idle}|tcp {idle|transient}} Declaration: ``aclplugin_set_command`` `src/plugins/acl/acl.c line 3500 `_ Implementation: ``acl_set_aclplugin_fn`` set acl-plugin acl ------------------------------------------------------------------------- .. code-block:: console set acl-plugin acl src dst proto X sport X-Y dport X-Y [tag FOO] {use comma separated list for multiple rules} Create an Access Control List (ACL) an ACL is composed of more than one Access control element (ACE). Multiple ACEs can be specified with this command using a comma separated list. Each ACE describes a tuple of src+dst IP prefix, ip protocol, src+dst port ranges. (the ACL plugin also support ICMP types/codes instead of UDP/TCP ports, but this CLI does not). An ACL can optionally be assigned a 'tag' - which is an identifier understood by the client. VPP does not examine it in any way. .. code-block:: console set acl-plugin acl src dst proto sport dport [tag FOO] Declaration: ``aclplugin_set_acl_command`` `src/plugins/acl/acl.c line 3602 `_ Implementation: ``acl_set_aclplugin_acl_fn`` set acl-plugin interface ------------------------------------------------------------------------- .. code-block:: console set acl-plugin interface [del] [un]Apply an ACL to an interface. The ACL is applied in a given direction, either input or output. The ACL being applied must already exist. ``set acl-plugin interface acl [del]`` Declaration: ``aclplugin_set_interface_command`` `src/plugins/acl/acl.c line 3581 `_ Implementation: ``acl_set_aclplugin_interface_fn`` show acl-plugin acl ------------------------------------------------------------------------- .. code-block:: console show acl-plugin acl [index N] Declaration: ``aclplugin_show_acl_command`` `src/plugins/acl/acl.c line 3506 `_ Implementation: ``acl_show_aclplugin_acl_fn`` show acl-plugin decode 5tuple ------------------------------------------------------------------------- .. code-block:: console show acl-plugin decode 5tuple XXXX XXXX XXXX XXXX XXXX XXXX Declaration: ``aclplugin_show_decode_5tuple_command`` `src/plugins/acl/acl.c line 3524 `_ Implementation: ``acl_show_aclplugin_decode_5tuple_fn`` show acl-plugin interface ------------------------------------------------------------------------- .. code-block:: console show acl-plugin interface [sw_if_index N] [acl] Declaration: ``aclplugin_show_interface_command`` `src/plugins/acl/acl.c line 3530 `_ Implementation: ``acl_show_aclplugin_interface_fn`` show acl-plugin lookup context ------------------------------------------------------------------------- .. code-block:: console show acl-plugin lookup context [index N] Declaration: ``aclplugin_show_lookup_context_command`` `src/plugins/acl/acl.c line 3512 `_ Implementation: ``acl_show_aclplugin_lookup_context_fn`` show acl-plugin lookup user ------------------------------------------------------------------------- .. code-block:: console show acl-plugin lookup user [index N] Declaration: ``aclplugin_show_lookup_user_command`` `src/plugins/acl/acl.c line 3518 `_ Implementation: ``acl_show_aclplugin_lookup_user_fn`` show acl-plugin macip acl ------------------------------------------------------------------------- .. code-block:: console show acl-plugin macip acl [index N] Declaration: ``aclplugin_show_macip_acl_command`` `src/plugins/acl/acl.c line 3554 `_ Implementation: ``acl_show_aclplugin_macip_acl_fn`` show acl-plugin macip interface ------------------------------------------------------------------------- .. code-block:: console show acl-plugin macip interface Declaration: ``aclplugin_show_macip_interface_command`` `src/plugins/acl/acl.c line 3560 `_ Implementation: ``acl_show_aclplugin_macip_interface_fn`` show acl-plugin memory ------------------------------------------------------------------------- .. code-block:: console show acl-plugin memory Declaration: ``aclplugin_show_memory_command`` `src/plugins/acl/acl.c line 3536 `_ Implementation: ``acl_show_aclplugin_memory_fn`` show acl-plugin sessions ------------------------------------------------------------------------- .. code-block:: console show acl-plugin sessions Declaration: ``aclplugin_show_sessions_command`` `src/plugins/acl/acl.c line 3542 `_ Implementation: ``acl_show_aclplugin_sessions_fn`` show acl-plugin tables ------------------------------------------------------------------------- .. code-block:: console show acl-plugin tables [ acl [index N] | applied [ lc_index N ] | mask | hash [verbose N] ] Declaration: ``aclplugin_show_tables_command`` `src/plugins/acl/acl.c line 3548 `_ Implementation: ``acl_show_aclplugin_tables_fn``