acl command
- Panna .
Use the acl command to restrict users' access to NetMRI to a list of IP addresses or subnets, thereby reducing the likelihood of unauthorized access. By default, the appliance accepts user connections via HTTP (port 80), HTTPS (port 443), SSH (port 22), and SYSLOG (port 514). If an access control list is defined, any or all of these ports can be restricted to a specific list of IP addresses.
Syntax
The following is the command syntax:
acl [commit|list|flush|reload|accept|reject|delete|exit]
The following table describes the subcommands of the acl command.
| Subcommand | Description |
|---|---|
list | Lists all ACL entries. The command does not take any arguments. |
flush | Clears all ACL entries (no access restrictions). The command does not take any arguments. |
accept | Accepts connections from a given CIDR block. The command takes the following arguments:
where |
reject | Rejects connections from a given CIDR block. The command takes the following arguments:
where |
commit | Saves the ACL and makes it active. The command does not take any arguments. |
delete | Deletes the existing access rules. The command takes the following arguments:
where |
| Clears working entries and reloads from disk. The command does not take any arguments. |
exit | Exits the ACL mode. The command does not take any arguments. |
Examples
The following commands would allow connections from any host in the specified subnet to any of the access ports supported by NetMRI:
flush
accept 192.168.12.0/24 all
commit
If you'd like to exclude specific hosts from a range of addresses, you should use one or more reject commands before the accept command as in the following example:
flush
reject 192.168.12.66/32 all
reject 192.168.12.99/32 all
accept 192.168.12.0/24 all
commit
If at least one ACL entry is defined, all access attempts other than those specifically listed are rejected; if no ACL entries are defined, all access attempts are accepted.