| getnsaclResult Structure Definition |
The getnsaclResult structure defines the return type for getnsacl API. |
Syntax |
Members |
rc |
If the method succeeds, rc is 0 else rc > 0. Values above 0x8000 indicate Warnings. |
message |
If the method succeeds, message is NULL else message contains Error/Warning message. |
nsaclList |
List of nsacls |
| nsacl Structure Definition |
The nsacl structure defines the actual return type values for getnsacl API. |
Syntax |
Members |
aclname |
Name of the extended ACL rule whose details you want the Citrix ADC to display. |
type |
default will display both CLASSIC and DFD |
aclaction |
Action to perform on incoming IPv4 packets that match the extended ACL rule.
Available settings function as follows:
* ALLOW - The Citrix ADC processes the packet.
* BRIDGE - The Citrix ADC bridges the packet to the destination without processing it.
* DENY - The Citrix ADC drops the packet. |
srcmac |
MAC address to match against the source MAC address of an incoming IPv4 packet. |
srcmacmask |
Used to define range of Source MAC address. It takes string of 0 and 1, 0s are for exact match and 1s for wildcard. For matching first 3 bytes of MAC address, srcMacMask value "000000111111". |
protocol |
The protocol number in IP header or name. |
protocolnumber |
The protocol number in IP header or name. |
srcportval |
Port number or range of port numbers to match against the source port number of an incoming IPv4 packet. In the method line interface, separate the range with a hyphen. For example: 40-90. |
srcportdataset |
Policy dataset which can have multiple port ranges bound to it. |
operatoR |
Either the equals (=) or does not equal (!=) logical operator. |
destportval |
Port number or range of port numbers to match against the destination port number of an incoming IPv4 packet. In the method line interface, separate the range with a hyphen. For example: 40-90.
Note: The destination port can be specified only for TCP and UDP protocols. |
destportdataset |
Policy dataset which can have multiple port ranges bound to it. |
operatoR2 |
Either the equals (=) or does not equal (!=) logical operator. |
srcipval |
IP address or range of IP addresses to match against the source IP address of an incoming IPv4 packet. In the method line interface, separate the range with a hyphen. For example:10.102.29.30-10.102.29.189. |
srcipdataset |
Policy dataset which can have multiple IP ranges bound to it. |
operatoR3 |
Either the equals (=) or does not equal (!=) logical operator. |
destipval |
IP address or range of IP addresses to match against the destination IP address of an incoming IPv4 packet. In the method line interface, separate the range with a hyphen. For example: 10.102.29.30-10.102.29.189. |
operatoR4 |
Either the equals (=) or does not equal (!=) logical operator. |
destipdataset |
Policy dataset which can have multiple IP ranges bound to it. |
vlan |
ID of the VLAN. The Citrix ADC applies the ACL rule only to the incoming packets of the specified VLAN. If you do not specify a VLAN ID, the appliance applies the ACL rule to the incoming packets on all VLANs. |
vxlan |
ID of the VXLAN. The Citrix ADC applies the ACL rule only to the incoming packets of the specified VXLAN. If you do not specify a VXLAN ID, the appliance applies the ACL rule to the incoming packets on all VXLANs. |
state |
Enable or disable the extended ACL rule. After you apply the extended ACL rules, the Citrix ADC compares incoming packets against the enabled extended ACL rules. |
ttl |
Number of seconds, in multiples of four, after which the extended ACL rule expires. If you do not want the extended ACL rule to expire, do not specify a TTL value. |
icmptype |
ICMP Message type to match against the message type of an incoming ICMP packet. For example, to block DESTINATION UNREACHABLE messages, you must specify 3 as the ICMP type.
Note: This parameter can be specified only for the ICMP protocol. |
icmpcode |
Code of a particular ICMP message type to match against the ICMP code of an incoming ICMP packet. For example, to block DESTINATION HOST UNREACHABLE messages, specify 3 as the ICMP type and 1 as the ICMP code.
If you set this parameter, you must set the ICMP Type parameter. |
interfacE |
ID of an interface. The Citrix ADC applies the ACL rule only to the incoming packets from the specified interface. If you do not specify any value, the appliance applies the ACL rule to the incoming packets of all interfaces. |
hits |
The hits of this ACL. |
priority |
Priority for the extended ACL rule that determines the order in which it is evaluated relative to the other extended ACL rules. If you do not specify priorities while creating extended ACL rules, the ACL rules are evaluated in the order in which they are created. |
kernelstate |
The commit status of the ACL. |
logstate |
Enable or disable logging of events related to the extended ACL rule. The log messages are stored in the configured syslog or auditlog server. |
ratelimit |
Packet rate limit for acl logging |
aclassociate |
ACL linked |
dfdhash |
Specifies the type hashmethod to be applied, to steer the packet to the FP of the packet. |
nodeid |
Specifies the NodeId to steer the packet to the provided FP. |
stateful |
If stateful option is enabled, transparent sessions are created for the traffic hitting this ACL and not hitting any other features like LB, INAT etc. |
aclchildcount |
Number of childs for this ACL. |
_nextgenapiresource |
See Also |