ACL::action
Description
The ACL::action command allows you to determine the ACL action in the
FLOW_INIT event. This command requires the
Advanced Firewall Manager module.
Syntax
ACL::action [default | drop | reset | allow | allow-final]
ACL::action
- Called without an action, the command returns an integer value
corresponding to the action that will be taken:
- 1 is a drop
- 2 is reset (or reject)
- 3 is allow (or accept)
- 4 is allow-final (or accept-decisively)
ACL::action [default | drop | reset | allow | allow-final]
- Sets the action to take on the ACL this rule is applied to. This
form of the command does not return a value.
- default - takes the default action on the ACL within the current context, effectively skipping any defined rules
- drop - drops the connection
- reset - resets the connection
- allow - allows the connection and proceeds to the next ACL
- allow-final - allows the connection and bypasses further ACL processing
If the ACL action is modified, running ACL::action will return the new
action to be taken.
Examples
when FLOW_INIT {
    # Look up the country for the client address and decide the ACL action.
    set ipaddr [IP::client_addr]
    set locale [whereis $ipaddr country]
    log local0. "IP Address/Country $ipaddr/$locale"
    switch $locale {
        "US" -
        "CA" { return }                  ;# leave the ACL's own action in place
        "GB" { ACL::action drop }        ;# silently drop the connection
        default { ACL::action reset }    ;# reset everything else
    }
}
when FLOW_INIT {
    # Allow a single known client and steer it to a specific virtual server.
    if { [IP::addr [IP::client_addr] equals 172.29.97.151] } {
        ACL::action allow
        virtual /Common/my_http_vs
        log "FLOW_INIT: ACL allow to /Common/my_http_vs"
    }
}
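The two examples above only set the action. The following iRule is an added example, not part of the original page, showing the query form as well: it reads the pending action before the rule changes it, maps the returned integer to the names listed under Syntax, overrides the action, and then reads it again to confirm the new value is reported. The 192.0.2.0/24 range is a constructed stand-in for a management network and the log message format is an assumption; neither comes from the page.

```tcl
# Added example (not from the original page): query ACL::action before and
# after modifying it, so the effect of the override is visible in the log.
when FLOW_INIT {
    # Query form: integer for the action the ACL would currently take.
    set before [ACL::action]
    switch $before {
        1 { set before_name "drop" }
        2 { set before_name "reset" }
        3 { set before_name "allow" }
        4 { set before_name "allow-final" }
        default { set before_name "unknown" }
    }

    # 192.0.2.0/24 is a constructed documentation range used here as a
    # management network (assumption, not from the original page).
    if { [IP::addr [IP::client_addr] equals 192.0.2.0/24] } {
        # Allow the connection and skip any further ACL processing.
        ACL::action allow-final
    } else {
        # Everyone else is dropped.
        ACL::action drop
    }

    # Querying again now returns the action just set (4 or 1 here).
    set after [ACL::action]
    log local0. "FLOW_INIT: client [IP::client_addr] ACL action $before_name ($before) changed to $after"
}
```

Querying first is useful when several iRules or ACLs act on the same flow: the logged "before" value shows what the ACL would have done on its own, which makes it much easier to tell whether a later allow or drop came from this rule or from the ACL definition.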