ACL::action

Description

The ACL::action command lets you query or set the ACL action in the FLOW_INIT event: called without an argument it returns the action the firewall will take on the flow, and called with an argument it overrides that action. This command requires the Advanced Firewall Manager (AFM) module.

Syntax

ACL::action [default | drop | reset | allow | allow-final]

ACL::action

  • Without an argument, the command returns an integer corresponding to the action that will be taken on the flow:
    • 1 is drop
    • 2 is reset (or reject)
    • 3 is allow (or accept)
    • 4 is allow-final (or accept-decisively)

ACL::action [default | drop | reset | allow | allow-final]

  • Sets the action to take on the ACL this rule is applied to. This form does not return a value.
    • default - takes the default action of the ACL in the current context, effectively skipping any defined rules
    • drop - drops the connection silently
    • reset - resets the connection
    • allow - allows the connection and proceeds to the next ACL
    • allow-final - allows the connection and bypasses all further ACL processing

If the ACL action is modified, running ACL::action will return the new action to be taken.

Examples

when FLOW_INIT {
    # look up the client's country by source address
    set ipaddr [IP::client_addr]
    set locale [whereis $ipaddr country]
    log local0. "IP Address/Country $ipaddr/$locale"
    switch $locale {
        "US" -
        "CA" { return }
        "GB" { ACL::action drop }
        default { ACL::action reset }
    }
}

when FLOW_INIT {
  # allow one specific client and steer its flow to a named virtual server
  if { [IP::addr [IP::client_addr] equals 172.29.97.151] } {
    ACL::action allow
    virtual /Common/my_http_vs
    log "FLOW_INIT: ACL allow to /Common/my_http_vs"
  }
}
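The following iRule is an added example, not code from the original page or from F5: it reads the action the ACL would take, logs it by name, adjusts it by client subnet, and then reads it again to show that ACL::action reports the modified action. The 192.0.2.0/24 subnet and the log messages are constructed values for illustration.

```tcl
# Added example: inspect the pending ACL action, override it for a
# trusted subnet, and log the before/after decision for audit purposes.
when FLOW_INIT {
    # With no argument, ACL::action returns the numeric action code
    set code [ACL::action]
    # Map the integer codes documented above to readable names
    switch $code {
        1 { set name "drop" }
        2 { set name "reset" }
        3 { set name "allow" }
        4 { set name "allow-final" }
        default { set name "unknown($code)" }
    }
    set client [IP::client_addr]
    log local0. "FLOW_INIT from $client: pending ACL action = $name"

    if { [IP::addr $client equals 192.0.2.0/24] } {
        # Constructed trusted subnet: accept and skip remaining ACLs
        ACL::action allow-final
    } elseif { $code == 3 } {
        # The ACL already allows this flow; leave it to later ACLs
        return
    } else {
        # Flows the ACL would drop or reset are reset explicitly so the
        # client receives a definite refusal rather than a silent timeout
        ACL::action reset
    }
    # After modification, ACL::action returns the new action code
    log local0. "FLOW_INIT from $client: final ACL action code = [ACL::action]"
}
```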