srcaddr <ip-address> | Specifies the source subnet IP address and netmask. Use the format XXX.XXX.XXX.XXX/XX for IPv4 and X:X:X::X/XXX for IPv6. |
srcaddr all-ip | Specifies all IPv4 and all IPv6 addresses. This is the default. |
srcaddr all-ipv4 | Specifies all IPv4 addresses. |
srcaddr all-ipv6 | Specifies all IPv6 addresses. |
dstaddr <ip-address> | Specifies the destination subnet IP address and netmask. Use the format XXX.XXX.XXX.XXX/XX for IPv4 and X:X:X::X/XXX for IPv6. |
dstaddr all-ip | Specifies all IPv4 and all IPv6 addresses. This is the default. |
dstaddr all-ipv4 | Specifies all IPv4 addresses. |
dstaddr all-ipv6 | Specifies all IPv6 addresses. |
dstport <port(s)> | Specifies a destination port or port label for this rule. You can specify: • a single port number. • a comma-separated list of ports with or without ranges (for example, 1,2,4-10,12). • any user-defined port labels. Valid port labels include: – SteelFusion – Interactive – RBT-Proto – Secure For more information on port labels, see
port-label. |
vlan <vlan> | Specifies a VLAN identification number from 1 to 4094, -1, or 0. -1 specifies that the rule applies to all VLANs; 0 specifies that the rule applies to untagged connections. |
rulenum <rule-number> | Specifies a rule number from 1 to N, start, or end. The SteelHeads evaluate rules in numerical order, starting with rule 1. If the conditions set in the rule match, then the rule is applied, and the system moves on to the next packet. If the conditions set in the rule do not match, the system consults the next rule. For example, if the conditions of rule 1 do not match, rule 2 is consulted. If rule 2 matches the conditions, it is applied, and no further rules are consulted. |