#11 Add TCP options support for IOS ACL

closed-fixed
None
1
2010-03-10
2009-09-23
Jiri Polach
No

Please add TCP options support for IOS ACLs. Matching TCP flags (options) is now possible in IOS ACLs, moreover using "established" keyword may be considered obsolete. Please see "ACL Support for Filtering IP Options" on http://www.cisco.com/en/US/docs/ios/12_3t/12_3t4/feature/guide/gtipofil.html. Thank you.

Discussion

  • Vadim Kurland

    Vadim Kurland - 2009-11-08

    The Cisco document you provided URL for talks about matching IP options rather than TCP flags. Please clarify if this request is to implement matching for IP options, such as lsr, ssr, timestamp, router-alert and others, or TCP flags. If the latter, could you provide reference to the relevant Cisco document ? Thanks.

     
  • Vadim Kurland

    Vadim Kurland - 2009-11-08
    • assigned_to: nobody --> vkurland
     
  • Vadim Kurland

    Vadim Kurland - 2009-11-08

    meanwhile, I implemented matching TCP flags using extended ACL option "match-all". This seems to work in IOS 12.4 (not "T"). It may be available in 12.3T but I do not have this image to test and I think fwbuilder should require IOS version of the general deployment release, which seems to be 12.4 in this case. Anyway, you can test using latest fwbuilder v3.1 test build that you can download here:

    http://www.fwbuilder.org/nightly_builds/fwbuilder-3.1/

    I'll keep this ticket open until you confirm this works the way you expected..

     
  • Vadim Kurland

    Vadim Kurland - 2009-11-08
    • priority: 5 --> 1
     
  • Vadim Kurland

    Vadim Kurland - 2009-11-08
    • status: open --> open-fixed
     
  • Vadim Kurland

    Vadim Kurland - 2010-03-10
    • status: open-fixed --> closed-fixed
     

Log in to post a comment.

Get latest updates about Open Source Projects, Conferences and News.

Sign up for the SourceForge newsletter:





No, thanks