Access Control List Commands

nv show acl

Display all available ACLs on the system.

Syntax Description

N/A

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/acl

Related Commands

nv set acl

Notes

nv unset acl

Clear all the new configured ACLs and restore the original default ACLs.

Syntax Description

N/A

History

25.02.2002

Example

REST API

DELETE https://<ip>/nvue_v1/acl

Related Commands

nv show acl

Notes

This command will remove the modifications/extra ACLs configured on the system and restore to the original default ACLs.

nv show acl <acl-id>

Get ACL <acl-id> information (i.e., rule-ids and the ACL type: ipv4 or ipv6).

Syntax Description

acl-id

ACL name

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/<acl-id>

Related Commands

nv show acl

Notes

nv set acl <acl-id>

nv unset acl <acl-id>

Create a new custom ACL

Delete an existing ACL.

Syntax Description

acl-id

New, custom ACL name

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/<acl-id>

Related Commands

nv show acl

Notes

• ACL name can be chosen to any generic name but is important later on binding multiple ACLs on the same interface and same direction since ACLs list of rules will be ordered with lexicographical order.

  • For example, ACL with name 'A' that has 10 rules and acl with name 'B' with 5 rules, if bound to the same direction on the same interface, the 10 rules of acl 'A' will be before the 5 rules of acl 'B'.

• This command is not enough for applying this custom acl, it needs to have at least one rule in it and needs to belong to the ip type either ipv4 or ipv6.

• The unset command will not remove the specified ACL if it is bound to an interface. The user must unbind it and then use this command to delete the ACL.

• Unset of default ACL will restore the original list of rules of that ACL.

nv set acl <acl-id> type <acl-type>

nv unset acl <acl-id> type <acl-type>

Add ACL type, whether it is an IPv4 or IPv6 ACL.

Syntax Description

acl-id

New, custom ACL name

acl-type

Enum: ipv4 | ipv6

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/<acl-id>/type/

Related Commands

nv show acl

Notes

Each ACL must have a type

nv show acl <acl-id> rule

Display all the rules configured on the specified ACL.

Syntax Description

acl-id

ACL name

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/<acl-id>/rule

Related Commands

nv show acl <acl-id>

Notes

nv show acl <acl-id> rule <rule-id>

Show ACL rule <rule-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id>

nv unset acl <acl-id> rule <rule-id>

Set/remove ACL rule <rule-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATH https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• This command is used to declare the specified rule with the specified ACL.

• Mere application of configuration is insufficient. Matching criteria on either the packet or action for this rule must be specified in order to be effective.

nv set acl <acl-id> rule <rule-id> remark <string>

nv unset acl <acl-id> rule <rule-id> remark <string>

Set/remove ACL rule <rule-id> remark configurations (remark is the same as description).

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/deny

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The remark acts the same as a description of a rule.

nv show acl <acl-id> rule <rule-id> action

Show ACL rule <rule-id> action configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> action permit

nv unset acl <acl-id> rule <rule-id> action permit

Set/remove ACL rule <rule-id> action permit.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/permit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Only one action per rule can be specified.

• Any rule matching the specified rule will be accepted to the system.

• Leaving a rule with no action will make the action as "permit" by default

nv set acl <acl-id> rule <rule-id> action deny

nv unset acl <acl-id> rule <rule-id> action deny

Set/remove ACL rule <rule-id> action deny.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/deny

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Only one action per rule can be specified.

• Any rule matching the specified rule will be rejected by the system and will be processed any further.

• Leaving a rule with no action will leave any packet matching the specified rule unaffected.

nv set acl <acl-id> rule <rule-id> action log log-prefix <str>

nv unset acl <acl-id> rule <rule-id> action log log-prefix <str>

Set/remove ACL rule <rule-id> action log log-prefix <str>.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

log-prefix-str

String

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/log

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/log/log-prefix/<log-prefix-str>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Only one action per rule can be specified.

• Log-prefix can be set to empty string.

• Any packet matching specified rule with logging action will be logged to netfilter log.

• Leaving a rule with no action will leave any packet matching the specified rule unaffected.

nv show acl <acl-id> rule <rule-id> match

Show ACL rule <rule-id> match configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Currently, displaying the matching criteria for the rule only contains layer 3 and 4 filtering criteria in the OSI model.

nv set acl <acl-id> rule <rule-id> match

nv unset acl <acl-id> rule <rule-id> match

Set/remove ACL rule <rule-id> match.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Leaving a rule with empty matching criteria will cause the rule to match any packet.

• The unset form of the command will remove the match criteria of the rule.

nv show acl <acl-id> rule <rule-id> match ip

Show ACL rule <rule-id> match IP configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Displays the matching IP criteria for the rule.

nv set acl <acl-id> rule <rule-id> match ip

nv unset acl <acl-id> rule <rule-id> match ip

Set/remove ACL rule <rule-id> match ip configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Leaving a rule with empty IP matching criteria will cause the rule to match any packet.

• The unset command will remove the IP match criteria of the rule.

nv show acl <acl-id> rule <rule-id> match ip udp

Show ACL rule <rule-id> match IP UDP configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Display the matching UDP IP criteria for the rule.

• The output primarily contains either the source port or destination port.

nv show acl <acl-id> rule <rule-id> match ip udp dest-port

Show ACL rule <rule-id> match IP UDP dest-port configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/dest-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The command displays the matching dest-port of UDP IP criteria for the rule.

• The rule can have more than dest-port configured.

nv set acl <acl-id> rule <rule-id> match ip udp dest-port <port-num>

nv unset acl <acl-id> rule <rule-id> match ip udp dest-port <port-num>

Configure/remove ACL rule <rule-id> match IP UDP dest-port <port-num> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/dest-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The rule can have more than dest-port configured.

• Rule cannot be configured with more than one source port and more than one dest-port at the same time in the same rule. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

• The user can configure more than one port on dest-port or source-port.

nv show acl <acl-id> rule <rule-id> match ip udp source-port

Show ACL rule <rule-id> match IP UDP source-port configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/source-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Display the matching dest-port of UDP IP criteria for the rule.

• The rule can have more than dest-port configured.

nv set acl <acl-id> rule <rule-id> match ip udp source-port <port-num>

nv unset acl <acl-id> rule <rule-id> match ip udp source-port <port-num>

Configure/remove ACL rule <rule-id> match IP UDP source-port <port-num> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum:ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp,http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp,snmp, snmp-trap,ssh, telnet, tftp | ip-port-range)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/source-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The rule can have more than source-port configured.

• Rule cannot be configured with more than one source port and more than one dest-port at the same time in the same rule. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

• The user can configure more than one port on dest-port or source-port.

nv show acl <acl-id> rule <rule-id> match ip tcp

Show ACL rule <rule-id> match ip tcp configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Display the matching UDP IP criteria for the rule.

• The output primarily contains any of the source-port, dest-port, flags, mask, mss, all-mss-except.

nv show acl <acl-id> rule <rule-id> match ip tcp dest-port

Show ACL rule <rule-id> match IP TCP dest-port configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/dest-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Display the matching dest-port of TCP IP criteria for the rule.

• The rule can have more than dest-port configured.

nv set acl <acl-id> rule <rule-id> match ip tcp dest-port <port-num>

nv unset acl <acl-id> rule <rule-id> match ip tcp dest-port <port-num>

Configure/remove ACL rule <rule-id> match ip tcp dest-port <port-num> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp,http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp,snmp, snmp-trap,ssh, telnet, tftp | ip-port-range)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/dest-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The rule can have more than source-port configured.

• Rule cannot be configured with more than one source port and more than one dest-port at the same time in the same rule. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

• The user can configure more than one port on dest-port or source-port.

nv show acl <acl-id> rule <rule-id> match ip tcp source-port

Show ACL rule <rule-id> match IP TCP source-port configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/source-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Display the matching dest-port of UDP IP criteria for the rule.

• The rule can have more than the dest-port configured.

nv set acl <acl-id> rule <rule-id> match ip tcp source-port <port-num>

nv unset acl <acl-id> rule <rule-id> match ip tcp source-port <port-num>

Configure/remove ACL rule <rule-id> match ip tcp source-port <port-num> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum:ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp,http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp,snmp, snmp-trap,ssh, telnet, tftp | ip-port-range)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/source-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The rule can have more than source-port configured.

• Rule cannot be configured with more than one source port and more than one dest-port at the same time in the same rule. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

• The user can configure more than one port on dest-port or source-port.

nv show acl <acl-id> rule <rule-id> match ip tcp flags

Show ACL rule <rule-id> match ip tcp flags configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/flags

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip tcp flags (syn | ack | fin | rst | urg | psh | all | none)

nv unset acl <acl-id> rule <rule-id> match ip tcp flags (syn | ack | fin | rst | urg | psh | all | none)

Configure/remove ACL rule <rule-id> match ip tcp flags <flag-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

flag-id

enum: (syn | ack | fin | rst | urg | psh | all | none)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/flags/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The user can configure multiple flags that are not 'none' or 'all'.

• The flag configurations must come with TCP mask configurations.

nv show acl <acl-id> rule <rule-id> match ip tcp mask

ACL rule <rule-id> match IP TCP mask configuration.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/mask

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip tcp mask (syn | ack | fin | rst | urg | psh | all | none)

nv unset acl <acl-id> rule <rule-id> match ip tcp mask (syn | ack | fin | rst | urg | psh | all | none)

Configure/remove ACL rule <rule-id> match ip tcp mask <flag-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

flag-id

enum: (syn | ack | fin | rst | urg | psh | all | none)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/flags/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The user can configure multiple flags that are not 'none' or 'all'.

• The flag configurations must come with TCP mask configurations.

nv set acl <acl-id> rule <rule-id> match ip tcp mss <mss-format>

nv unset acl <acl-id> rule <rule-id> match ip tcp mss <mss-format>

Configure/remove ACL rule <rule-id> match ip tcp mss configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mss-format

tcpmss value could be an integer or a range.

Examples: "0-1", "536-65535", "65000", "128"

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/mss/<mss-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The command will match TCP packets with the specified MSS values.

nv set acl <acl-id> rule <rule-id> match ip tcp all-mss-except <mss-format>

nv unset acl <acl-id> rule <rule-id> match ip tcp all-mss-except <mss-format>

Configure/remove ACL rule <rule-id> match ip tcp all-mss-except configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mss-format

tcpmss value could be an integer or a range.

Examples: "0-1", "536-65535", "65000", "128"

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/all-mss-except/<mss-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The command will match all TCP packets with MSS value different than the specified MSS values.

nv set acl <acl-id> rule <rule-id> match ip fragment

nv unset acl <acl-id> rule <rule-id> match ip fragment

Configure/remove ACL rule <rule-id> match IP fragment configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/fragment

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Match fragmented packets.

nv show acl <acl-id> rule <rule-id> match ip ecn

Configure/remove ACL rule <rule-id> match IP ECN configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip ecn

nv unset acl <acl-id> rule <rule-id> match ip ecn

Configure/remove ACL rule <rule-id> match IP ECN configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip ecn ip-ect <ip-ect-num>

nv unset acl <acl-id> rule <rule-id> match ip ecn ip-ect <ip-ect-num>

Configure/remove ACL rule <rule-id> match IP ECN ip-ect configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

ip-ect

ip-ect (integer: 0-3)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn/ip-ect

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip ecn flags <ecn-flag>

nv unset acl <acl-id> rule <rule-id> match ip ecn flags <ecn-flag>

Configure/remove ACL rule <rule-id> match IP ECN ip-ect configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

en-flag

enum: tcp-cwr | tcp-ece

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn/flags/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show acl <acl-id> rule <rule-id> match ip connection-state

Show ACL rule <rule-id> match IP connection-state configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/connection-state

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip connection-state <state-id>

nv unset acl <acl-id> rule <rule-id> match ip connection-state <state-id>

Configure/remove ACL rule <rule-id> match IP connection-state <state-id> configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

state-id

state-id can be: established, invalid, new, related

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn/ip-ect

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Multiple connection-states can be configured.

nv show acl <acl-id> rule <rule-id> match ip extension-header

Show ACL rule <rule-id> match IP extension-header configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/extension-header

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip extension-header type <hop-by-hop>

nv unset acl <acl-id> rule <rule-id> match ip extension-header type <hop-by-hop>

Configure/remove ACL rule <rule-id> match IP extension-header configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/extension-header/type/<type>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• This configuration is relevant to IPv6 ACLs only.

• Matches '-m hbh' in ip6tables tool

nv show acl <acl-id> rule <rule-id> match ip routing-header

Show ACL rule <rule-id> match ip routing-header configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/routing-header

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip routing-header type <hop-by-hop>

nv unset acl <acl-id> rule <rule-id> match ip routing-header type <hop-by-hop>

Configure/remove ACL rule <rule-id> match ip routing-header configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/routing-header/type/<type>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• This configuration is relevant to IPv6 ACLs only.

• Matches '-m rt' in ip6tables tool

nv set acl <acl-id> rule <rule-id> match ip source-ip <ip-format>

nv unset acl <acl-id> rule <rule-id> match ip source-ip <ip-format>

Configure/remove ACL rule <rule-id> match ip source-ip configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

source-ip

(ANY | <ipv4> | <ipv6> | <ipv4-prefix> | <ipv6-prefix> | <ipv4-netmask> | <ipv6-netmask>)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/source-ip/<ip-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The user cannot configure IPv4 address on an ACL with IPv6 and vice versa.

nv set acl <acl-id> rule <rule-id> match ip dest-ip <ip-format>

nv unset acl <acl-id> rule <rule-id> match ip dest-ip <ip-format>

Configure/remove ACL rule <rule-id> match ip dest-ip configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

dest-ip

(ANY | <ipv4> | <ipv6> | <ipv4-prefix> | <ipv6-prefix> | <ipv4-netmask> | <ipv6-netmask>)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/dest-ip/<ip-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The user cannot configure IPv4 address on an ACL with IPv6 and vice versa.

nv set acl <acl-id> rule <rule-id> match ip protocol <protocol-format>

nv unset acl <acl-id> rule <rule-id> match ip protocol <protocol-format>

Configure/remove ACL rule <rule-id> match IP dest-ip configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

protocol-format

(0-255 | tcp | udp | icmp | icmpv6)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/protocol/<protocol-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl <acl-id> rule <rule-id> match ip icmp-type <icmp-format>

nv unset acl <acl-id> rule <rule-id> match ip icmp-type <icmp-format>

Configure/remove ACL rule <rule-id> match IP ICMP-type configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

icmp-format

(0-255 | echo-reply | echo-request | time-exceeded | dest-unreachable | port-unreachable)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/icmp-type/<icmp-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The protocol must be specified to be ICMP

  Copy

  Copied!

              
  
              
  $nv set acl custom-acl rule 10 match ip protocol icmp
          

• IPv4 type must be specified for the configured ACL.

nv set acl <acl-id> rule <rule-id> match ip icmpv6-type <icmp-format>

nv unset acl <acl-id> rule <rule-id> match ip icmpv6-type <icmp-format>

Configure/remove ACL rule <rule-id> match IP ICMPv6-type configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

icmpv6-format

(0-255 | router-solicitation | router-advertisement | neighbor-solicitation | neighbor-advertisement)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/icmpv6-type/<icmpv6-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• The protocol must be specified to be ICMPv6.

  Copy

  Copied!

              
  
              
  $nv set acl custom-acl rule 10 match ip protocol icmpv6
          

• IPv6 type must be specified for the configured ACL.

nv show acl <acl-id> rule <rule-id> match ip recent-list

Show ACL rule <rule-id> match ip recent-list configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'recent' iptables module.

• Used to filter IP address that passes a specific rate.

  In the above example, the rate is 100 packets per 60 seconds, if a source-ip sends more than this rate, the IP address will be blocked.

nv set acl <acl-id> rule <rule-id> match ip recent-list name <generic-name>

nv unset acl <acl-id> rule <rule-id> match ip recent-list name <generic-name>

Configure/remove ACL rule <rule-id> match IP recent-list name configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• In order to configure recent-list, the user needs to configure action and name for the recent-list

  • For action set: configure name and action=set

  • For action update: configure name and action=update, hit-count and update-interval

• There can be multiple recent-lists in the system and each is distinguished by a name.

• Refer to the documentation of 'recent' in 'iptables' for further information.

nv set acl <acl-id> rule <rule-id> match ip recent-list action (set | update)

nv unset acl <acl-id> rule <rule-id> match ip recent-list action (set | update)

Configure/remove ACL rule <rule-id> match IP recent-list action configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• In order to configure recent-list, the user needs to configure action and name for the recent-list

  • For action set: configure name and action=set

  • For action update: configure name and action=update, hit-count and update-interval

• There can be multiple recent-lists in the system and each is distinguished by a name.

• Refer to the documentation of 'recent' in 'iptables' for further information.

nv set acl <acl-id> rule <rule-id> match ip recent-list hit-count (1-4294967295)

nv unset acl <acl-id> rule <rule-id> match ip recent-list hit-count (1-4294967295)

Configure/remove ACL rule <rule-id> match ip recent-list hit-count configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• In order to configure recent-list, the user needs to configure action and name for the recent-list

  • For action set: configure name and action=set

  • For action update: configure name and action=update, hit-count and update-interval

• There can be multiple recent-lists in the system and each is distinguished by a name.

• Refer to the documentation of 'recent' in 'iptables' for further information.

nv set acl <acl-id> rule <rule-id> match ip recent-list update-interval (1-4294967295)

nv unset acl <acl-id> rule <rule-id> match ip recent-list update-interval (1-4294967295)

Configure/remove ACL rule <rule-id> match ip recent-list update-interval configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• In order to configure recent-list, the user needs to configure action and name for the recent-list

  • For action set: configure name and action=set

  • For action update: configure name and action=update, hit-count and update-interval

• There can be multiple recent-lists in the system and each is distinguished by a name.

• Refer to the documentation of 'recent' in 'iptables' for further information.

nv show acl <acl-id> rule <rule-id> match ip hashlimit

Show ACL rule <rule-id> match ip hashlimit configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'hashlimit' iptables module.

• This is another way to filter IP addresses.

• The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set acl <acl-id> rule <rule-id> match ip hashlimit name <generic-name>

nv unset acl <acl-id> rule <rule-id> match ip hashlimit name <generic-name>

Configure/remove ACL rule <rule-id> match IP hashlimit name configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'hashlimit' iptables module.

• The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit rate-above <rate-format>

Configure/remove ACL rule <rule-id> match IP hashlimit rate configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

rate-format

Rate limit, should be in the following format: integer/time-unit where time-unit is one of [second | min | hour]. The max supported rate is 1000000/second

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'hashlimit' iptables module.

• The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit burst <burst-int>

Configure/remove ACL rule <rule-id> match IP hashlimit burst configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

burst-int

integer:1–4294967295

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'hashlimit' iptables module.

• The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit expire <expire-int>

Configure/remove ACL rule <rule-id> match IP hashlimit expire configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

expire-int

integer:1–4294967295

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'hashlimit' iptables module.

• The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set acl <acl-id> rule <rule-id> match ip hashlimit mode <mode>

nv unset acl <acl-id> rule <rule-id> match ip hashlimit mode <mode>

Configure/remove ACL rule <rule-id> match IP hashlimit mode configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mode

(enum:src-ip, dst-ip | string)

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'hashlimit' iptables module.

• The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set acl <acl-id> rule <rule-id> match ip hashlimit destination-mask <mask>

nv unset acl <acl-id> rule <rule-id> match ip hashlimit destination-mask <mask>

Configure/remove ACL rule <rule-id> match IP hashlimit destination-mask configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mask

integer: for ipv4 the range is 0-32 and for ipv6 the range is 0-128

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'hashlimit' iptables module.

• The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set acl <acl-id> rule <rule-id> match ip hashlimit source-mask <mask>

nv unset acl <acl-id> rule <rule-id> match ip hashlimit source-mask <mask>

Configure/remove ACL rule <rule-id> match ip hashlimit source-mask configurations.

Syntax Description

acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mask

Integer:

IPv4 range: 0–32IPv6 range: 0–128

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

• Matches the 'hashlimit' iptables module.

• The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv show interface <iface-id> acl

Display the ACL bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface lo acl

Display the acl bound to the loopback interface.

Syntax Description

N/A

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface <iface-id> acl <acl-id>

Display the given acl-id bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface <iface-id> acl <acl-id> statistics

Display the given acl-id statistics bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/statistics

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface <iface-id> acl <acl-id> statistics <rule-id>

Display the given acl-id statistics bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/statistics/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv show interface <iface-id> acl <acl-id> outbound

Display the given acl-id bound to the interface in the outbound direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured on one direction and not the other, it will be shown in the parent show (nv show interface <iface> acl <acl-id>) and not in the show of the direction it is not configured on.

nv show interface <iface-id> acl <acl-id> outbound control-plane

Display the given acl-id bound to the interface in the outbound control-plane direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured on one direction and not the other, it will be shown in the parent show (nv show interface <iface> acl <acl-id>) and not in the show of the direction it is not configured on.

nv show interface <iface-id> acl <acl-id> inbound

Display the given acl-id bound to the interface in the inbound direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured on one direction and not the other, it will be shown in the parent show (nv show interface <iface> acl <acl-id>) and not in the show of the direction it is not configured on.

nv show interface <iface-id> acl <acl-id>

Display the given acl-id bound to the control-plane in the inbound direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

25.02.70xx Updated output

Example

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured on one direction and not the other, it will be shown in the parent show (nv show interface <iface> acl <acl-id>) and not in the show of the direction it is not configured on.

nv set interface <iface-id> acl <acl-id> inbound

nv unset interface <iface-id> acl <acl-id> inbound

Configure/remove the binding of the given ACL on the specified interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inboun

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An ACL cannot be bound to inbound and inbound control-plane or cannot be bound to outbound and outbound control-plane on the same interface!

nv set interface <iface-id> acl <acl-id> inbound control-plane

nv unset interface <iface-id> acl <acl-id> inbound control-plane

Configure the binding of the given ACL on the specified interface.

The unset form of the command removes the binding of the given ACL on the specified interface.

Syntax Description

iface-id

interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.2002

25.02.70xx Updated syntax

Example

REST API

PATCH https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound/control-plane

DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound/control-plane

nv set acl <acl-id> rule <rule-id>

Notes

An ACL cannot be applied to both inbound and inbound control-plane, or to both outbound and outbound control-plane, on the same interface. Resetting the firewall rules to their default settings on the interface restores normal behavior.

nv set interface <iface-id> acl <acl-id> onbound control-plane

nv unset interface <iface-id> acl <acl-id> onbound control-plane

Configure the binding of the given ACL on the specified interface.

The unset form of the command removes the binding of the given ACL on the specified interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.2002

Example

REST API

PATCH https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound/control-plane

DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An ACL cannot be bound to inbound and inbound control-plane or cannot be bound to outbound and outbound control-plane on the same interface!

nv set interface <iface-id> acl <acl-id> outbound

nv unset interface <iface-id> acl <acl-id> outbound

Configure/remove the binding of the given ACL on the specified interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.2002

Example

REST API

PATCH/DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An ACL cannot be bound to inbound and inbound control-plane or cannot be bound to outbound and outbound control-plane on the same interface!

nv set interface <iface-id> acl

nv unset interface <iface-id> acl

Set the ACL configurations for the particular interface.

Unset the ACL configurations for the particular interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002

Example

REST API

PATCH https://<ip>/nvue_v1/interface/{interface-id}/acl

DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl

Related Commands

Notes

Unsetting an interface ACL (at any level) should not restore the default binding; it should behave as a standard unset operation. Setting or unsetting rules on an interface works just like standard NVUE behavior.

nv set interface <id> acl <acl-id>

nv unset interface <id> acl <acl-id>

Set the ACL configurations for the particular interface acl-id.

Unset the ACL configurations for the particular interface acl-id.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL Name

History

25.02.2002

25.02.70xx Updated ACL names

Example

REST API

PATCH https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}

DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}

Related Commands

Notes

Unsetting an interface ACL (at any level) should not restore the default binding; it should behave as a standard unset operation. Setting or unsetting rules on an interface works just like standard NVUE behavior.

nv set interface

nv unset interfaceSet the interface configurations.Unset and unset the interface configurations.

Syntax Description

N/A

History

25.02.2002

Example

REST API

PATCH https://<ip>/nvue_v1/interface

DELETE https://<ip>/nvue_v1/interface

Related Commands

Notes

Unsetting an interface ACL (at any level) should not restore the default binding; it should behave as a standard unset operation. Setting or unsetting rules on an interface works just like standard NVUE behavior.

nv action clear acl counters

Clear the ACL counters in the show command.

Syntax Description

N/A

History

25.02.2002

Example

REST API

POST https://<ip>/nvue_v1/acl

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

nv set acl rule action set dscp

Set DSCP value for packets.

Syntax Description

acl-id

ACL ID to manipulate

rule-id

Rule to configure dscp

Dscp-value

It could be enum or an integer.

Enums supported:

• af11

• af12

• af13

• af21

• af22

• af23

• af31

• af32

• af33

• af41

• af42

• af43

• cs1

• cs2

• cs3

• cs4

• cs5

• cs6

• cs7

• be

• ef

Or an integer in the range [0,63]

History

25.02.4002

Example

REST API

PATCH https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/set

Related Commands

nv show acl rule action

Notes

Supported only for the management interface.

Configurable only in inbound and outbound directions!

nv set system control-plane acl <acl-id><outbound | inbound>

nv unset system control-plane acl <acl-id>

Binds ACL to the system control-plane and sets its direction.

The unset form of the command unbinds a specific system control-plane ACL. If no particular ACL ID is specified, the command will unbind all system control-plane ACLs.

Syntax Description

acl-id

ACL ID

inbound

Binds in inbound direction

outbound

Binds in outbound direction

History

25.02.70xx

Example

REST API

PATCH https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}

Related Commands

nv show system control-plane acl

Notes

nv show system control-plane acl

Show system control-plane ACL configuration.

Syntax Description

N/A

History

25.02.70xx

Example

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl

Related Commands

nv set system control-plane acl

nv show system control-plane

Notes

nv show system control-plane

Show system control-plane configuration.

Syntax Description

N/A

History

25.02.70xx

Example

REST API

GET https://<ip>/nvue_v1/system/control-plane/

Related Commands

nv show system control-plane acl

Notes

nv show system control-plane acl <acl-id>

Show system control-plane ACL identification.

Syntax Description

acl-id

ACL ID

History

25.02.70xx

Example

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}

Related Commands

nv set system control-plane acl

nv show system control-plane acl

Notes

nv show system control-plane acl <acl-id> statistics

Show system control-plane ACL statistics configuration.

Syntax Description

N/A

History

25.02.70xx

Example

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}/statistics

Related Commands

Notes

nv show system control-plane acl <acl-id> statistics <rule-id>

Show system control-plane ACL ID statistics rule-id.

Syntax Description

acl-id

ACL ID

rule-id

Rule number (integer: 1–65535)

History

25.02.70xx

Example

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}/statistics/{rule-id}

Related Commands

Notes

nv show system control-plane acl <acl-id> inbound

Show system control-plane ACL IC inbound direction details.

Syntax Description

acl-id

ACL ID

History

25.02.70xx

Example

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}/inbound

Related Commands

Notes

If an ACL is configured in one direction but not the other, it will appear in the parent show command (nv show interface acl) and not in the show command for the direction where it is not configured.

nv show system control-plane acl <acl-id> outbound

Show system control-plane ACL ID outbound direction details.

Syntax Description

N/A

History

25.02.70xx

Example

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}/outbound

Related Commands

Notes

If an ACL is configured in one direction but not the other, it will appear in the parent show command (nv show interface acl) and not in the show command for the direction where it is not configured.

nv set acl rule action recent

nv unset acl rule action

Set ACL rule action recent.

The unset form of the command removes ACL rule action recent.

Syntax Description

acl-id

ACL ID

rule-id

Rule number (integer: 1–65535)

History

25.02.70xx

Example

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/recent

Related Commands

Notes

Only one action can be specified per rule. Any rule that matches the specified criteria will be accepted by the system. If a rule has no action defined, the default action will be "permit." If "match.ip.recent-list.action" is set, the default action is "recent." There is also the option to explicitly set the action to "recent" when "match.ip.recent-list" is configured.