Access Lists¶
Access Lists can be used to control ingress or egress traffic or to match hosts, networks and other contexts. An ACL contains a set of rules that defines source and destination hosts or networks to match, along with other aspects of traffic such as protocol and port number. Access Lists have an implicit final deny action. Any traffic not matched with an explicit permit rule will be dropped. Access Lists assume “any” for a value unless otherwise specified.
Access Lists can be stateful (reflect
), or work without state tracking
(permit
).
Access Lists must be defined first and then applied to an interface along with a specific direction.
Host ACLs operate differently, as they govern traffic for interfaces in the host operating system rather than inside TNSR.