NVIDIA NVOS User Manual for NVLink Switches v25.02.2141


Access Control List Commands

nv show acl

Display all available ACLs on the system.

Syntax Description

N/A

History

25.02.1884

Example

admin@nvos:~$ nv show acl
ACL                         type   Summary
--------------------------  ----   -------------------
ACL1                        ipv4   rule: 1
Test                        ipv4   rule: 2
                                   rule: 3
                                   rule: 4
...
ACL_MGMT_INBOUND_DEFAULT    ipv6   rule: 10
                                   rule: 20
                                   rule: 30
                                   rule: 40
...
custom                      ipv6   rule: 5

REST API

GET https://<ip>/nvue_v1/acl

Related Commands

nv set acl

Notes

  • By default, there are ACLs configured on the system as part of the default rules. The corresponding ACL names are as follows:

    • ACL_LOOPBACK_INBOUND_CP_DEFAULT—IPv4 default rules bound to the loopback interface in the inbound control-plane direction

    • ACL_LOOPBACK_INBOUND_CP_DEFAULT_IPV6—IPv6 default rules bound to the loopback interface in the inbound control-plane direction

    • ACL_MGMT_INBOUND_CP_DEFAULT—IPv4 default rules bound to the mgmt interface in the inbound control-plane direction

    • ACL_MGMT_INBOUND_CP_DEFAULT_IPV6—IPv6 default rules bound to the mgmt interface in the inbound control-plane direction

    • ACL_MGMT_INBOUND_DEFAULT—IPv4 default rules bound to the mgmt interface in the inbound direction

    • ACL_MGMT_INBOUND_DEFAULT_IPV6—IPv6 default rules bound to the mgmt interface in the inbound direction

    • ACL_MGMT_OUTBOUND_CP_DEFAULT—IPv4 default rules bound to the mgmt interface in the outbound control-plane direction

    • ACL_MGMT_OUTBOUND_CP_DEFAULT_IPV6—IPv6 default rules bound to the mgmt interface in the outbound control-plane direction

  • Each ACL can be of either IPv4 or IPv6 type.

nv unset acl

Clear all newly configured ACLs and restore the original default ACLs.

Syntax Description

N/A

History

25.02.1884

Example


admin@nvos:~$ nv unset acl

REST API

DELETE https://<ip>/nvue_v1/acl

Related Commands

nv show acl

Notes

This command removes the modifications and extra ACLs configured on the system and restores the original default ACLs.

nv show acl <acl-id>

Get ACL <acl-id> information (i.e., rule-ids and the ACL type: ipv4 or ipv6).

Syntax Description

acl-id

ACL name

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_DEFAULT
      operational  applied
----  -----------  -------
type  ipv4         ipv4

rule
=======
    Number  Summary
    ------  --------------------------------------
    10      action: deny
            match.ip.protocol: tcp
            match.ip.tcp.all-mss-except: 536-65535

REST API

GET https://<ip>/nvue_v1/acl/<acl-id>

Related Commands

nv show acl

Notes

nv set acl <acl-id>

nv unset acl <acl-id>

Create a new custom ACL.

Delete an existing ACL.

Syntax Description

acl-id

New, custom ACL name

History

25.02.1884

Example

admin@nvos:~$ nv set acl EXAMPLE_ACL

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/<acl-id>

Related Commands

nv show acl

Notes

  • The ACL name can be any generic name, but the name matters later when binding multiple ACLs to the same interface in the same direction, since the ACLs' lists of rules are ordered lexicographically.

    • For example, if ACL 'A' with 10 rules and ACL 'B' with 5 rules are bound to the same interface in the same direction, the 10 rules of ACL 'A' come before the 5 rules of ACL 'B'.

  • This command alone is not enough to apply the custom ACL: the ACL needs at least one rule and must have an IP type, either ipv4 or ipv6.

  • The unset command will not remove the specified ACL if it is bound to an interface. The user must unbind it and then use this command to delete the ACL.

  • Unsetting a default ACL restores that ACL's original list of rules.

nv set acl <acl-id> type <acl-type>

nv unset acl <acl-id> type <acl-type>

Set/remove the ACL type (IPv4 or IPv6).

Syntax Description

acl-id

New, custom ACL name

acl-type

Enum: ipv4 | ipv6

History

25.02.1884

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/<acl-id>/type/

Related Commands

nv show acl

Notes

Each ACL must have a type.

nv show acl <acl-id> rule

Display all the rules configured on the specified ACL.

Syntax Description

acl-id

ACL name

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule
Number  Summary
------  ----------------------------------------
1       action: log
10      action: deny
        match.ip.dest-ip: 127.0.0.0/8
20      action: permit
30      action: deny
        match.ip.protocol: tcp
40      action: deny
        match.ip.protocol: tcp
50      action: deny
        match.ip.protocol: tcp
60      action: deny
        match.ip.protocol: tcp
70      action: deny
80      action: deny
        match.ip.protocol: tcp
90      action: deny
        match.ip.protocol: tcp
100     action: deny
110     match.ip.protocol: tcp

REST API

GET https://<ip>/nvue_v1/acl/<acl-id>/rule

Related Commands

nv show acl <acl-id>

Notes

nv show acl <acl-id> rule <rule-id>

Show ACL rule <rule-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 10
             operational  applied
-----------  -----------  -----------
match
  ip
    dest-ip  127.0.0.0/8  127.0.0.0/8
action       deny         deny

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id>

nv unset acl <acl-id> rule <rule-id>

Set/remove ACL rule <rule-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv set acl user_custom_acl rule 10

REST API

PATCH https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • This command declares the specified rule within the specified ACL.

  • Merely applying this configuration is insufficient. Either packet-matching criteria or an action must be specified for the rule to take effect.

nv set acl <acl-id> rule <rule-id> remark <string>

nv unset acl <acl-id> rule <rule-id> remark <string>

Set/remove ACL rule <rule-id> remark configurations (remark is the same as description).

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv set acl user_custom_acl rule 20 remark "MY-PROTECTIVE-RULE"

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/deny

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The remark acts the same as a description of a rule.

nv show acl <acl-id> rule <rule-id> action

Show ACL rule <rule-id> action configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 10 action
operational  applied
-----------  -------
deny         deny

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> action permit

nv unset acl <acl-id> rule <rule-id> action permit

Set/remove ACL rule <rule-id> action permit.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv set acl user_custom_acl rule 10 action permit

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/permit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Only one action per rule can be specified.

  • Any packet matching the specified rule will be accepted by the system.

  • Leaving a rule with no action will leave any packet matching the specified rule unaffected.

nv set acl <acl-id> rule <rule-id> action deny

nv unset acl <acl-id> rule <rule-id> action deny

Set/remove ACL rule <rule-id> action deny.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv set acl user_custom_acl rule 20 action deny

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/deny

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Only one action per rule can be specified.

  • Any packet matching the specified rule will be rejected by the system and will not be processed any further.

  • Leaving a rule with no action will leave any packet matching the specified rule unaffected.

nv set acl <acl-id> rule <rule-id> action log log-prefix <str>

nv unset acl <acl-id> rule <rule-id> action log log-prefix <str>

Set/remove ACL rule <rule-id> action log log-prefix <str>.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

log-prefix-str

String

History

25.02.1884

Example


admin@nvos:~$ nv set acl user_custom_acl rule 20 action log


admin@nvos:~$ nv set acl user_custom_acl rule 30 action log log-prefix "Dropped-by-custom-acl"

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/log

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/log/log-prefix/<log-prefix-str>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Only one action per rule can be specified.

  • The log-prefix can be set to an empty string.

  • Any packet matching a rule with the log action will be logged to the netfilter log.

  • Leaving a rule with no action will leave any packet matching the specified rule unaffected.

nv show acl <acl-id> rule <rule-id> match

Show ACL rule <rule-id> match configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 10 match
           operational  applied
---------  -----------  -----------
ip
  dest-ip  127.0.0.0/8  127.0.0.0/8

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Currently, the displayed matching criteria for the rule contain only layer 3 and layer 4 (OSI model) filtering criteria.

nv set acl <acl-id> rule <rule-id> match

nv unset acl <acl-id> rule <rule-id> match

Set/remove ACL rule <rule-id> match.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv set acl user_custom_acl rule 20 match

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Leaving a rule with empty matching criteria will cause the rule to match any packet.

  • The unset form of the command will remove the match criteria of the rule.

nv show acl <acl-id> rule <rule-id> match ip

Show ACL rule <rule-id> match IP configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 10 match ip
           operational  applied
---------  -----------  -----------
dest-ip    127.0.0.0/8  127.0.0.0/8

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Displays the matching IP criteria for the rule.

nv set acl <acl-id> rule <rule-id> match ip

nv unset acl <acl-id> rule <rule-id> match ip

Set/remove ACL rule <rule-id> match ip configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv unset acl user_custom_acl rule 20 match ip

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Leaving a rule with empty IP matching criteria will cause the rule to match any packet.

  • The unset command will remove the IP match criteria of the rule.

nv show acl <acl-id> rule <rule-id> match ip udp

Show ACL rule <rule-id> match IP UDP configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 650 match ip udp
             operational  applied
-----------  -----------  -------
[dest-port]  53           53

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching UDP IP criteria for the rule.

  • The output primarily contains either the source port or destination port.

nv show acl <acl-id> rule <rule-id> match ip udp dest-port

Show ACL rule <rule-id> match IP UDP dest-port configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl custom-acl rule 650 match ip udp dest-port
Ports
-----
53
22

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/dest-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The command displays the matching dest-port of UDP IP criteria for the rule.

  • The rule can have more than one dest-port configured.

nv set acl <acl-id> rule <rule-id> match ip udp dest-port <port-num>

nv unset acl <acl-id> rule <rule-id> match ip udp dest-port <port-num>

Configure/remove ACL rule <rule-id> match IP UDP dest-port <port-num> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip udp dest-port 22
admin@nvos:~$ nv set acl custom-acl rule 650 match ip udp dest-port 53

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/dest-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The rule can have more than one dest-port configured.

  • A rule cannot be configured with more than one source port and more than one dest-port at the same time. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

  • The user can configure more than one port on dest-port or source-port.

nv show acl <acl-id> rule <rule-id> match ip udp source-port

Show ACL rule <rule-id> match IP UDP source-port configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl custom-acl rule 650 match ip udp source-port
Ports
-----
53
22

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/source-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching source-port of UDP IP criteria for the rule.

  • The rule can have more than one source-port configured.

nv set acl <acl-id> rule <rule-id> match ip udp source-port <port-num>

nv unset acl <acl-id> rule <rule-id> match ip udp source-port <port-num>

Configure/remove ACL rule <rule-id> match IP UDP source-port <port-num> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip udp source-port 22
admin@nvos:~$ nv set acl custom-acl rule 650 match ip udp source-port 53

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/source-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The rule can have more than one source-port configured.

  • A rule cannot be configured with more than one source port and more than one dest-port at the same time. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

  • The user can configure more than one port on dest-port or source-port.

nv show acl <acl-id> rule <rule-id> match ip tcp

Show ACL rule <rule-id> match ip tcp configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 650 match ip tcp
             operational  applied
-----------  -----------  -------
[dest-port]  53           53

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_DEFAULT rule 10 match ip tcp
                operational  applied
--------------  -----------  ---------
all-mss-except  536-65535    536-65535

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching TCP IP criteria for the rule.

  • The output primarily contains any of the source-port, dest-port, flags, mask, mss, all-mss-except.

nv show acl <acl-id> rule <rule-id> match ip tcp dest-port

Show ACL rule <rule-id> match IP TCP dest-port configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl custom-acl rule 650 match ip tcp dest-port
Ports
-----
53
22

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/dest-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching dest-port of TCP IP criteria for the rule.

  • The rule can have more than one dest-port configured.

nv set acl <acl-id> rule <rule-id> match ip tcp dest-port <port-num>

nv unset acl <acl-id> rule <rule-id> match ip tcp dest-port <port-num>

Configure/remove ACL rule <rule-id> match ip tcp dest-port <port-num> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp dest-port 22
admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp dest-port 53

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/dest-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The rule can have more than one dest-port configured.

  • A rule cannot be configured with more than one source port and more than one dest-port at the same time. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

  • The user can configure more than one port on dest-port or source-port.

nv show acl <acl-id> rule <rule-id> match ip tcp source-port

Show ACL rule <rule-id> match IP TCP source-port configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl custom-acl rule 650 match ip tcp source-port
Ports
-----
53
22

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/source-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching source-port of TCP IP criteria for the rule.

  • The rule can have more than one source-port configured.

nv set acl <acl-id> rule <rule-id> match ip tcp source-port <port-num>

nv unset acl <acl-id> rule <rule-id> match ip tcp source-port <port-num>

Configure/remove ACL rule <rule-id> match ip tcp source-port <port-num> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp source-port 22
admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp source-port 53

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/source-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The rule can have more than one source-port configured.

  • A rule cannot be configured with more than one source port and more than one dest-port at the same time. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

  • The user can configure more than one port on dest-port or source-port.

nv show acl <acl-id> rule <rule-id> match ip tcp flags

Show ACL rule <rule-id> match ip tcp flags configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 60 match ip tcp flags -o json
{
  "none": {}
}

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/flags

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip tcp flags (syn | ack | fin | rst | urg | psh | all | none)

nv unset acl <acl-id> rule <rule-id> match ip tcp flags (syn | ack | fin | rst | urg | psh | all | none)

Configure/remove ACL rule <rule-id> match ip tcp flags <flag-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

flag-id

enum: (syn | ack | fin | rst | urg | psh | all | none)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp flags all
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp flags urg
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp flags psh
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp flags syn

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/flags/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The user can configure multiple flags that are not 'none' or 'all'.

  • The flag configurations must come with TCP mask configurations.

nv show acl <acl-id> rule <rule-id> match ip tcp mask

Show ACL rule <rule-id> match IP TCP mask configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 60 match ip tcp mask -o json
{
  "ack": {},
  "fin": {},
  "rst": {},
  "syn": {}
}

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/mask

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip tcp mask (syn | ack | fin | rst | urg | psh | all | none)

nv unset acl <acl-id> rule <rule-id> match ip tcp mask (syn | ack | fin | rst | urg | psh | all | none)

Configure/remove ACL rule <rule-id> match ip tcp mask <flag-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

flag-id

enum: (syn | ack | fin | rst | urg | psh | all | none)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp mask all
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp mask urg
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp mask psh
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp mask syn

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/flags/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The user can configure multiple flags that are not 'none' or 'all'.

  • The flag configurations must come with TCP mask configurations.

nv set acl <acl-id> rule <rule-id> match ip tcp mss <mss-format>

nv unset acl <acl-id> rule <rule-id> match ip tcp mss <mss-format>

Configure/remove ACL rule <rule-id> match ip tcp mss configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mss-format

The TCP MSS value can be an integer or a range.

Examples: "0-1", "536-65535", "65000", "128"

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp mss 536
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp mss 536-65535

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/mss/<mss-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The command will match TCP packets with the specified MSS values.

nv set acl <acl-id> rule <rule-id> match ip tcp all-mss-except <mss-format>

nv unset acl <acl-id> rule <rule-id> match ip tcp all-mss-except <mss-format>

Configure/remove ACL rule <rule-id> match ip tcp all-mss-except configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mss-format

The TCP MSS value can be an integer or a range.

Examples: "0-1", "536-65535", "65000", "128"

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp all-mss-except 536
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp all-mss-except 536-65535

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/all-mss-except/<mss-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The command will match all TCP packets whose MSS value differs from the specified MSS values.

nv set acl <acl-id> rule <rule-id> match ip fragment

nv unset acl <acl-id> rule <rule-id> match ip fragment

Configure/remove ACL rule <rule-id> match IP fragment configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv set acl custom-acl rule 650 match ip fragment

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/fragment

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Match fragmented packets.

nv show acl <acl-id> rule <rule-id> match ip ecn

Show ACL rule <rule-id> match IP ECN configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl b rule 1 match ip ecn
        operational  applied
------  -----------  -------
ip-ect  3            3

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip ecn

nv unset acl <acl-id> rule <rule-id> match ip ecn

Configure/remove ACL rule <rule-id> match IP ECN configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv unset acl custom-acl rule 650 match ip ecn

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip ecn ip-ect <ip-ect-num>

nv unset acl <acl-id> rule <rule-id> match ip ecn ip-ect <ip-ect-num>

Configure/remove ACL rule <rule-id> match IP ECN ip-ect configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

ip-ect

ip-ect (integer: 0-3)

History

25.02.1884

Example


admin@nvos:~$ nv set acl custom-acl rule 650 match ip ecn ip-ect 0

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn/ip-ect

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip ecn flags <ecn-flag>

nv unset acl <acl-id> rule <rule-id> match ip ecn flags <ecn-flag>

Configure/remove ACL rule <rule-id> match IP ECN flags configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

ecn-flag

enum: tcp-cwr | tcp-ece

History

25.02.1884

Example


admin@nvos:~$ nv set acl custom-acl rule 650 match ip ecn flags tcp-cwr

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn/flags/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show acl <acl-id> rule <rule-id> match ip connection-state

Show ACL rule <rule-id> match IP connection-state configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_OUTBOUND_CP_DEFAULT_IPV6 rule 10 match ip connection-state -o json
{
  "related": {},
  "new": {}
}

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/connection-state

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip connection-state <state-id>

nv unset acl <acl-id> rule <rule-id> match ip connection-state <state-id>

Configure/remove ACL rule <rule-id> match IP connection-state <state-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

state-id

state-id can be: established, invalid, new, related

History

25.02.1884

Example


admin@nvos:~$ nv set acl custom-acl rule 10 match ip connection-state new

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn/ip-ect

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Multiple connection-states can be configured.

nv show acl <acl-id> rule <rule-id> match ip extension-header

Show ACL rule <rule-id> match IP extension-header configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL1 rule 1 match ip extension-header
                       operational                applied
---------------------  -------------------------  ------------------------
type                   hop-by-hop                 hop-by-hop

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/extension-header

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip extension-header type <hop-by-hop>

nv unset acl <acl-id> rule <rule-id> match ip extension-header type <hop-by-hop>

Configure/remove ACL rule <rule-id> match IP extension-header configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example


admin@nvos:~$ nv set acl custom-acl rule 10 match ip extension-header type hop-by-hop

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/extension-header/type/<type>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • This configuration is relevant to IPv6 ACLs only.

  • Corresponds to '-m hbh' in the ip6tables tool.

nv show acl <acl-id> rule <rule-id> match ip routing-header

Show ACL rule <rule-id> match ip routing-header configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT_IPV6 rule 850 match ip routing-header
      operational  applied
----  -----------  -------
type  0            0

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/routing-header

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip routing-header type <type>

nv unset acl <acl-id> rule <rule-id> match ip routing-header type <type>

Configure/remove ACL rule <rule-id> match ip routing-header configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip routing-header type 0

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/routing-header/type/<type>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • This configuration is relevant to IPv6 ACLs only.

  • Matches '-m rt' in the ip6tables tool.

nv set acl <acl-id> rule <rule-id> match ip source-ip <ip-format>

nv unset acl <acl-id> rule <rule-id> match ip source-ip <ip-format>

Configure/remove ACL rule <rule-id> match ip source-ip configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

source-ip

(ANY | <ipv4> | <ipv6> | <ipv4-prefix> | <ipv6-prefix> | <ipv4-netmask> | <ipv6-netmask>)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip source-ip 127.0.0.1/8

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/source-ip/<ip-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The user cannot configure IPv4 address on an ACL with IPv6 and vice versa.

nv set acl <acl-id> rule <rule-id> match ip dest-ip <ip-format>

nv unset acl <acl-id> rule <rule-id> match ip dest-ip <ip-format>

Configure/remove ACL rule <rule-id> match ip dest-ip configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

dest-ip

(ANY | <ipv4> | <ipv6> | <ipv4-prefix> | <ipv6-prefix> | <ipv4-netmask> | <ipv6-netmask>)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip dest-ip 127.0.0.1/8

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/dest-ip/<ip-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The user cannot configure IPv4 address on an ACL with IPv6 and vice versa.

nv set acl <acl-id> rule <rule-id> match ip protocol <protocol-format>

nv unset acl <acl-id> rule <rule-id> match ip protocol <protocol-format>

Configure/remove ACL rule <rule-id> match IP protocol configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

protocol-format

(0-255 | tcp | udp | icmp | icmpv6)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip protocol tcp

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/protocol/<protocol-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip icmp-type <icmp-format>

nv unset acl <acl-id> rule <rule-id> match ip icmp-type <icmp-format>

Configure/remove ACL rule <rule-id> match IP ICMP-type configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

icmp-format

(0-255 | echo-reply | echo-request | time-exceeded | dest-unreachable | port-unreachable)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip icmp-type echo-reply

admin@nvos:~$ nv set acl custom-acl rule 10 match ip icmp-type 9

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/icmp-type/<icmp-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The protocol must be specified to be ICMP.

    admin@nvos:~$ nv set acl custom-acl rule 10 match ip protocol icmp

  • IPv4 type must be specified for the configured ACL.

nv set acl <acl-id> rule <rule-id> match ip icmpv6-type <icmpv6-format>

nv unset acl <acl-id> rule <rule-id> match ip icmpv6-type <icmpv6-format>

Configure/remove ACL rule <rule-id> match IP ICMPv6-type configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

icmpv6-format

(0-255 | router-solicitation | router-advertisement | neighbor-solicitation | neighbor-advertisement)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip icmpv6-type router-solicitation

admin@nvos:~$ nv set acl custom-acl rule 10 match ip icmpv6-type 9

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/icmpv6-type/<icmpv6-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The protocol must be specified to be ICMPv6.

    admin@nvos:~$ nv set acl custom-acl rule 10 match ip protocol icmpv6

  • IPv6 type must be specified for the configured ACL.

nv show acl <acl-id> rule <rule-id> match ip recent-list

Show ACL rule <rule-id> match ip recent-list configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT_IPV6 rule 600 match ip recent-list
                 operational  applied
---------------  -----------  -------
name             UDP          UDP
update-interval  60           60
hit-count        100          100
action           update       update

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'recent' iptables module.

  • Used to filter IP addresses that exceed a specific rate.

    In the above example, the rate is 100 packets per 60 seconds. If a source IP sends more than this rate, the IP address will be blocked.
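
The rate filter described in the notes above, modelled in Python as an added example (not NVOS or NVIDIA code). It follows the semantics of the iptables 'recent' match that the notes reference; the two-rule layout (an update rule that denies, evaluated before a set rule that permits), the function names and the sample packets are assumptions made for illustration.

```python
from collections import defaultdict


class RecentList:
    """Per-source timestamp table, modelled on the iptables 'recent' match.

    Simplification: the kernel module keeps a bounded history per source;
    this model keeps every timestamp.
    """

    def __init__(self):
        self.stamps = defaultdict(list)  # source IP -> packet timestamps

    def set(self, src, now):
        """action=set: record the packet; this match always succeeds."""
        self.stamps[src].append(now)
        return True

    def update(self, src, now, hit_count, update_interval):
        """action=update: match when the source already has at least
        hit_count entries no older than update_interval seconds.
        A match also records this packet, so the window slides forward."""
        cutoff = now - update_interval
        recent = [t for t in self.stamps.get(src, []) if t >= cutoff]
        if len(recent) >= hit_count:
            self.stamps[src].append(now)
            return True
        return False


def filter_packets(packets, hit_count, update_interval):
    """Run (time, source-ip) packets through an assumed two-rule ACL:
    rule A: recent-list action=update, hit-count, update-interval -> deny
    rule B: recent-list action=set                                -> permit
    Returns one verdict per packet, in order."""
    table = RecentList()
    verdicts = []
    for now, src in packets:
        if table.update(src, now, hit_count, update_interval):
            verdicts.append("deny")
        else:
            table.set(src, now)
            verdicts.append("permit")
    return verdicts


# Constructed sample traffic: (seconds, source IP). Small limits are used so
# the effect is visible; the default rule shown above uses 100 hits / 60 s.
SAMPLE_PACKETS = [
    (0, "192.0.2.10"), (1, "192.0.2.10"), (2, "192.0.2.10"),
    (3, "192.0.2.10"),   # 4th packet inside 10 s: over the limit
    (4, "192.0.2.20"),   # a different source is tracked separately
    (8, "192.0.2.10"),   # still sending: stays blocked
    (12, "192.0.2.10"),  # denied packets refreshed the window
    (30, "192.0.2.10"),  # quiet for longer than the interval: allowed again
]

if __name__ == "__main__":
    for pkt, verdict in zip(SAMPLE_PACKETS,
                            filter_packets(SAMPLE_PACKETS, 3, 10)):
        print(pkt, verdict)
```

Because a matching update also records the packet, a source that keeps sending while blocked stays blocked; it is released only after it has been quiet for the whole update-interval.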

nv set acl <acl-id> rule <rule-id> match ip recent-list name <generic-name>

nv unset acl <acl-id> rule <rule-id> match ip recent-list name <generic-name>

Configure/remove ACL rule <rule-id> match IP recent-list name configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip recent-list name "EXAMPLE"

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • In order to configure recent-list, the user needs to configure action and name for the recent-list

    • For action set: configure name and action=set

    • For action update: configure name and action=update, hit-count and update-interval

  • There can be multiple recent-lists in the system and each is distinguished by a name.

  • Refer to the documentation of 'recent' in 'iptables' for further information.

nv set acl <acl-id> rule <rule-id> match ip recent-list action (set | update)

nv unset acl <acl-id> rule <rule-id> match ip recent-list action (set | update)

Configure/remove ACL rule <rule-id> match IP recent-list action configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip recent-list action update

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • In order to configure recent-list, the user needs to configure action and name for the recent-list

    • For action set: configure name and action=set

    • For action update: configure name and action=update, hit-count and update-interval

  • There can be multiple recent-lists in the system and each is distinguished by a name.

  • Refer to the documentation of 'recent' in 'iptables' for further information.

nv set acl <acl-id> rule <rule-id> match ip recent-list hit-count (1-4294967295)

nv unset acl <acl-id> rule <rule-id> match ip recent-list hit-count (1-4294967295)

Configure/remove ACL rule <rule-id> match ip recent-list hit-count configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip recent-list hit-count 100

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • In order to configure recent-list, the user needs to configure action and name for the recent-list

    • For action set: configure name and action=set

    • For action update: configure name and action=update, hit-count and update-interval

  • There can be multiple recent-lists in the system and each is distinguished by a name.

  • Refer to the documentation of 'recent' in 'iptables' for further information.

nv set acl <acl-id> rule <rule-id> match ip recent-list update-interval (1-4294967295)

nv unset acl <acl-id> rule <rule-id> match ip recent-list update-interval (1-4294967295)

Configure/remove ACL rule <rule-id> match ip recent-list update-interval configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip recent-list update-interval 60

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • In order to configure recent-list, the user needs to configure action and name for the recent-list

    • For action set: configure name and action=set

    • For action update: configure name and action=update, hit-count and update-interval

  • There can be multiple recent-lists in the system and each is distinguished by a name.

  • Refer to the documentation of 'recent' in 'iptables' for further information.

nv show acl <acl-id> rule <rule-id> match ip hashlimit

Show ACL rule <rule-id> match ip hashlimit configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT_IPV6 rule 870 match ip hashlimit
             operational  applied
-----------  -----------  ----------
name         LOGGING      LOGGING
rate-above   1/min        1/min
burst        5            5
source-mask  128          128
expire       4294967295   4294967295
mode         src-ip       src-ip

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • This is another way to filter IP addresses.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set acl <acl-id> rule <rule-id> match ip hashlimit name <generic-name>

nv unset acl <acl-id> rule <rule-id> match ip hashlimit name <generic-name>

Configure/remove ACL rule <rule-id> match IP hashlimit name configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit name "Limiter"

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit rate-above <rate-format>

Configure/remove ACL rule <rule-id> match IP hashlimit rate-above configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

rate-format

Rate limit in the format integer/time-unit, where time-unit is one of [second | min | hour]. The maximum supported rate is 1000000/second.

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit rate-above 2/min

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit burst <burst-int>

Configure/remove ACL rule <rule-id> match IP hashlimit burst configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

burst-int

Integer: 1–4294967295

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit burst 5

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit expire <expire-int>

Configure/remove ACL rule <rule-id> match IP hashlimit expire configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

expire-int

Integer: 1–4294967295

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit expire 3

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set acl <acl-id> rule <rule-id> match ip hashlimit mode <mode>

nv unset acl <acl-id> rule <rule-id> match ip hashlimit mode <mode>

Configure/remove ACL rule <rule-id> match IP hashlimit mode configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mode

(enum:src-ip, dst-ip | string)

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit mode src-ip

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set acl <acl-id> rule <rule-id> match ip hashlimit destination-mask <mask>

nv unset acl <acl-id> rule <rule-id> match ip hashlimit destination-mask <mask>

Configure/remove ACL rule <rule-id> match IP hashlimit destination-mask configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mask

Integer: for IPv4 the range is 0–32 and for IPv6 the range is 0–128

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit destination-mask 32

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set acl <acl-id> rule <rule-id> match ip hashlimit source-mask <mask>

nv unset acl <acl-id> rule <rule-id> match ip hashlimit source-mask <mask>

Configure/remove ACL rule <rule-id> match ip hashlimit source-mask configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mask

Integer:

IPv4 range: 0–32

IPv6 range: 0–128

History

25.02.1884

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit source-mask 32

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.
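
A pre-commit check for the match constraints stated in the notes and syntax descriptions above, written as an added Python example (not part of NVOS). The dictionary layout, the function name and the sample rules are assumptions; the limits and required fields are the ones given on this page.

```python
import re

# Limits and required fields as stated in the command reference above.
RATE_RE = re.compile(r"^(\d+)/(second|min|hour)$")
UNIT_SECONDS = {"second": 1, "min": 60, "hour": 3600}
MAX_RATE_PER_SECOND = 1_000_000
HASHLIMIT_REQUIRED = ("name", "rate-above", "burst", "expire", "mode")
MASK_MAX = {"ipv4": 32, "ipv6": 128}


def _family(value):
    """'ipv4' or 'ipv6' for an address/prefix/netmask string, None for ANY."""
    if value.upper() == "ANY":
        return None
    return "ipv6" if ":" in value else "ipv4"


def check_rule(acl_type, rule_id, match):
    """Return the list of constraint violations for one rule.

    acl_type is 'ipv4' or 'ipv6'; match is a dict keyed by the CLI keywords
    under 'match ip' (hypothetical layout chosen for this example).
    """
    problems = []
    if not 1 <= rule_id <= 65535:
        problems.append("rule-id must be in 1-65535")

    for key in ("source-ip", "dest-ip"):
        fam = _family(match[key]) if key in match else None
        if fam and fam != acl_type:
            problems.append(f"{key} is {fam} but the ACL is {acl_type}")

    proto = match.get("protocol")
    if "icmp-type" in match and (proto != "icmp" or acl_type != "ipv4"):
        problems.append("icmp-type needs protocol icmp on an IPv4 ACL")
    if "icmpv6-type" in match and (proto != "icmpv6" or acl_type != "ipv6"):
        problems.append("icmpv6-type needs protocol icmpv6 on an IPv6 ACL")

    for key in ("extension-header", "routing-header"):
        if key in match and acl_type != "ipv6":
            problems.append(f"{key} is relevant to IPv6 ACLs only")

    recent = match.get("recent-list")
    if recent is not None:
        needed = ["name", "action"]
        if recent.get("action") == "update":
            needed += ["hit-count", "update-interval"]
        missing = [k for k in needed if k not in recent]
        if missing:
            problems.append("recent-list missing: " + ", ".join(missing))

    hl = match.get("hashlimit")
    if hl is not None:
        missing = [k for k in HASHLIMIT_REQUIRED if k not in hl]
        if missing:
            problems.append("hashlimit missing: " + ", ".join(missing))
        # Assumption: the 1000000/second ceiling applies after converting
        # min and hour rates to packets per second.
        if "rate-above" in hl:
            m = RATE_RE.match(hl["rate-above"])
            if not m:
                problems.append("rate-above must be integer/(second|min|hour)")
            elif int(m.group(1)) / UNIT_SECONDS[m.group(2)] > MAX_RATE_PER_SECOND:
                problems.append("rate-above exceeds 1000000/second")
        for key in ("source-mask", "destination-mask"):
            if key in hl and not 0 <= hl[key] <= MASK_MAX[acl_type]:
                problems.append(f"{key} must be in 0-{MASK_MAX[acl_type]}")
    return problems


# Constructed sample rules (not taken from a real switch).
GOOD_RULE = {"protocol": "icmpv6", "icmpv6-type": "router-solicitation",
             "hashlimit": {"name": "LOGGING", "rate-above": "1/min", "burst": 5,
                           "source-mask": 128, "expire": 4294967295,
                           "mode": "src-ip"}}
BAD_RULE = {"protocol": "tcp", "icmp-type": "echo-reply",
            "source-ip": "fe80::/64", "extension-header": "hop-by-hop",
            "recent-list": {"name": "EXAMPLE", "action": "update"},
            "hashlimit": {"name": "Limiter", "rate-above": "2/minute",
                          "source-mask": 64}}

if __name__ == "__main__":
    print(check_rule("ipv6", 870, GOOD_RULE))
    for problem in check_rule("ipv4", 10, BAD_RULE):
        print("-", problem)
```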

nv show interface <iface-id> acl

Display the ACLs bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.1884

Example

admin@nvos:~$ nv show interface eth0 acl
ACL Name                           Rule ID  In Packets  In Bytes  Out Packets  Out Bytes
---------------------------------  -------  ----------  --------  -----------  ---------
ACL_MGMT_INBOUND_CP_DEFAULT        1        15620       2481722
                                   10       0           0
                                   20       14437       1118906
                                   30       0           0
                                   ...
                                   740      0           0
                                   750      0           0
                                   760      28          2352
                                   770      0           0
                                   780      0           0
ACL_MGMT_INBOUND_CP_DEFAULT_IPV6   10       0           0
                                   20       0           0
                                   30       0           0
                                   ...
                                   800      0           0
                                   810      0           0
                                   820      0           0
                                   830      0           0
                                   840      0           0
                                   850      0           0
                                   860      0           0
                                   870      0           0
                                   880      0           0
ACL_MGMT_INBOUND_DEFAULT           10       5           296
ACL_MGMT_INBOUND_DEFAULT_IPV6      10       0           0
ACL_MGMT_OUTBOUND_CP_DEFAULT       10                             0            0
                                   20                             9750         1885408
ACL_MGMT_OUTBOUND_CP_DEFAULT_IPV6  10                             45           4680
                                   20                             160          13308

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface <iface-id> acl <acl-id>

Display the given acl-id bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.1884

Example

admin@nvos:~$ nv show interface eth0 acl ACL_MGMT_OUTBOUND_CP_DEFAULT
Statistics
=============
Rule  In Packet  In Byte  Out Packet  Out Byte  Layer  Remark  Action  Summary
----  ---------  -------  ----------  --------  -----  ------  ------  -------
10                        0           0         ip             deny
20                        9767        1902332                  permit

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface <iface-id> acl <acl-id> statistics

Display the given acl-id statistics bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.1884

Example

admin@nvos:~$ nv show interface eth0 acl ACL_MGMT_OUTBOUND_CP_DEFAULT statistics
Rule  In Packet  In Byte  Out Packet  Out Byte  Layer  Remark  Action  Summary
----  ---------  -------  ----------  --------  -----  ------  ------  -------
10                        0           0         ip             deny
20                        9767        1902332                  permit

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/statistics

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface <iface-id> acl <acl-id> statistics <rule-id>

Display the statistics of the given rule-id in the acl-id bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.1884

Example

admin@nvos:~$ nv show interface eth0 acl ACL_MGMT_INBOUND_DEFAULT statistics 10
                      operational  applied
--------------------  -----------  -------
match
  ip
    protocol          tcp
    tcp
      all-mss-except  536-65535
action                deny
inbound
  packet              5
  byte                296

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/statistics/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface <iface-id> acl <acl-id> outbound

Display the given acl-id bound to the interface in the outbound direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.1884

Example

admin@nvos:~$ nv show interface eth0 acl ACL_MGMT_OUTBOUND_CP_DEFAULT outbound
Statistics
=============
No Data

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured in one direction and not the other, it is shown in the parent show command (nv show interface <iface> acl <acl-id>) but not in the show command for the direction in which it is not configured.

nv show interface <iface-id> acl <acl-id> outbound control-plane

Display the given acl-id bound to the interface in the outbound control-plane direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.1884

Example

admin@nvos:~$ nv show interface eth0 acl ACL_MGMT_OUTBOUND_CP_DEFAULT outbound control-plane
Statistics
=============
Rule  In Packet  In Byte  Out Packet  Out Byte  Layer  Remark  Action  Summary
----  ---------  -------  ----------  --------  -----  ------  ------  -------
10                        0           0         ip             deny
20                        9823        1908964                  permit

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured in one direction and not the other, it is shown in the parent show command (nv show interface <iface> acl <acl-id>) but not in the show command for the direction in which it is not configured.

nv show interface <iface-id> acl <acl-id> inbound

Display the given acl-id bound to the interface in the inbound direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.1884

Example

admin@nvos:~$ nv show interface eth0 acl ACL_MGMT_OUTBOUND_CP_DEFAULT inbound
Statistics
=============
Rule  In Packet  In Byte  Out Packet  Out Byte  Layer  Remark  Action  Summary
----  ---------  -------  ----------  --------  -----  ------  ------  --------------------------------------
10    5          296                            ip             deny    match.ip.protocol: tcp
                                                                       match.ip.tcp.all-mss-except: 536-65535

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured in one direction and not the other, it is shown in the parent show command (nv show interface <iface> acl <acl-id>) but not in the show command for the direction in which it is not configured.

nv show interface <iface-id> acl <acl-id> inbound control-plane

Display the given acl-id bound to the interface in the inbound control-plane direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.1884

Example

admin@nvos:~$ nv show interface eth0 acl AAA inbound control-plane
Statistics
=============
Rule  In Packet  In Byte  Out Packet  Out Byte  Layer  Remark  Action  Summary
----  ---------  -------  ----------  --------  -----  ------  ------  --------------------------------------
10    5          296                            ip             deny    match.ip.protocol: tcp
                                                                       match.ip.tcp.all-mss-except: 536-65535

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured in one direction and not the other, it is shown in the parent show command (nv show interface <iface> acl <acl-id>) but not in the show command for the direction in which it is not configured.

nv set interface <iface-id> acl <acl-id> inbound

nv unset interface <iface-id> acl <acl-id> inbound

Configure/remove the binding of the given ACL on the specified interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.1884

Example

admin@nvos:~$ nv set interface eth0 acl ACL1 inbound

REST API

PATCH/DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

On the same interface, an ACL cannot be bound to both inbound and inbound control-plane, or to both outbound and outbound control-plane.

nv set interface <iface-id> acl <acl-id> inbound control-plane

nv unset interface <iface-id> acl <acl-id> inbound control-plane

Configure/remove the binding of the given ACL on the specified interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.1884

Example

admin@nvos:~$ nv set interface eth0 acl ACL1 inbound control-plane

REST API

PATCH/DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

On the same interface, an ACL cannot be bound to both inbound and inbound control-plane, or to both outbound and outbound control-plane.

nv set interface <iface-id> acl <acl-id> outbound control-plane

nv unset interface <iface-id> acl <acl-id> outbound control-plane

Configure/remove the binding of the given ACL on the specified interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.1884

Example

admin@nvos:~$ nv set interface eth0 acl ACL1 outbound control-plane

REST API

PATCH/DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

On the same interface, an ACL cannot be bound to both inbound and inbound control-plane, or to both outbound and outbound control-plane.

nv set interface <iface-id> acl <acl-id> outbound

nv unset interface <iface-id> acl <acl-id> outbound

Configure/remove the binding of the given ACL on the specified interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.1884

Example

admin@nvos:~$ nv set interface eth0 acl ACL1 outbound

REST API

PATCH/DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

On the same interface, an ACL cannot be bound to both inbound and inbound control-plane, or to both outbound and outbound control-plane.

nv action clear acl counters

Clear the ACL counters displayed by the show commands.

Syntax Description

N/A

History

25.02.1884

Example

admin@nvos:~$ nv action clear acl counters

REST API

POST https://<ip>/nvue_v1/acl

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> action set dscp <dscp-value>

Set DSCP value for packets.

Syntax Description

acl-id

ACL ID to manipulate

rule-id

Rule to configure dscp

dscp-value

Either an enum or an integer.

Enums supported:

  • af11

  • af12

  • af13

  • af21

  • af22

  • af23

  • af31

  • af32

  • af33

  • af41

  • af42

  • af43

  • cs1

  • cs2

  • cs3

  • cs4

  • cs5

  • cs6

  • cs7

  • be

  • ef

Or an integer in the range [0,63]

History

25.02.2141

Example

admin@nvos:~$ nv set acl ACL1 rule 10 action set dscp ef

REST API

PATCH https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/set

Related Commands

nv show acl rule action

Notes

Supported only for the management interface.

Configurable only in inbound and outbound directions!

© Copyright 2025, NVIDIA. Last updated on Apr 23, 2025.