extNaclC.addSC("default", "Set a command to its defaults"); extNaclC.addSC("deny", "Specify packets to reject"); extNaclC.deny.addSC("<0-255>", "An IP protocol number"); extNaclC.deny["<0-255>"].addSC("A.B.C.D", "Source address"); extNaclC.deny["<0-255>"]["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.deny["<0-255>"]["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny["<0-255>"]["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny["<0-255>"]["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny["<0-255>"].addSC("any", "Any source host"); extNaclC.deny["<0-255>"].any.addSC("A.B.C.D", "Destination address"); extNaclC.deny["<0-255>"].any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.deny["<0-255>"].any.addSC("any", "Any destination host"); extNaclC.deny["<0-255>"].any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.deny["<0-255>"].any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.deny["<0-255>"].any.any.addSC("log", "Log matches against this entry"); extNaclC.deny["<0-255>"].any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.deny["<0-255>"].any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.deny["<0-255>"].any.any.addSC("time-range", "Specify a time-range"); extNaclC.deny["<0-255>"].any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.deny["<0-255>"].any.addSC("host", "A single destination host"); extNaclC.deny["<0-255>"].any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.deny["<0-255>"].addSC("host", "A single source host"); extNaclC.deny["<0-255>"].host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.deny["<0-255>"].host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny["<0-255>"].host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny["<0-255>"].host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.addSC("ahp", "Authentication Header Protocol"); extNaclC.deny.addSC("eigrp", "Cisco's EIGRP routing protocol"); extNaclC.deny.eigrp.addSC("A.B.C.D", "Source address"); extNaclC.deny.eigrp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.deny.eigrp["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.eigrp["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.eigrp["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.eigrp.addSC("any", "Any source host"); extNaclC.deny.eigrp.any.addSC("A.B.C.D", "Destination address"); extNaclC.deny.eigrp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.deny.eigrp.any.addSC("any", "Any destination host"); extNaclC.deny.eigrp.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.deny.eigrp.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.deny.eigrp.any.any.addSC("log", "Log matches against this entry"); extNaclC.deny.eigrp.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.deny.eigrp.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.deny.eigrp.any.any.addSC("time-range", "Specify a time-range"); extNaclC.deny.eigrp.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.deny.eigrp.any.addSC("host", "A single destination host"); extNaclC.deny.eigrp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.deny.eigrp.addSC("host", "A single source host"); extNaclC.deny.eigrp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.deny.eigrp.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.eigrp.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.eigrp.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.addSC("esp", "Encapsulation Security Payload"); extNaclC.deny.addSC("gre", "Cisco's GRE tunneling"); extNaclC.deny.addSC("icmp", "Internet Control Message Protocol"); extNaclC.deny.icmp.addSC("A.B.C.D", "Source address"); extNaclC.deny.icmp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.deny.icmp["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.icmp["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.icmp["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.icmp.addSC("any", "Any source host"); extNaclC.deny.icmp.any.addSC("A.B.C.D", "Destination address"); extNaclC.deny.icmp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.deny.icmp.any.addSC("any", "Any destination host"); extNaclC.deny.icmp.any.any.addSC("<0-255>", "ICMP message type"); extNaclC.deny.icmp.any.any.addSC("administratively-prohibited", "Administratively prohibited"); extNaclC.deny.icmp.any.any.addSC("alternate-address", "Alternate address"); extNaclC.deny.icmp.any.any.addSC("conversion-error", "Datagram conversion"); extNaclC.deny.icmp.any.any.addSC("dod-host-prohibited", "Host prohibited"); extNaclC.deny.icmp.any.any.addSC("dod-net-prohibited", "Net prohibited"); extNaclC.deny.icmp.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.deny.icmp.any.any.addSC("echo", "Echo (ping)"); extNaclC.deny.icmp.any.any.addSC("echo-reply", "Echo reply"); extNaclC.deny.icmp.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.deny.icmp.any.any.addSC("general-parameter-problem", "Parameter problem"); extNaclC.deny.icmp.any.any.addSC("host-isolated", "Host isolated"); extNaclC.deny.icmp.any.any.addSC("host-precedence-unreachable", "Host unreachable for precedence"); extNaclC.deny.icmp.any.any.addSC("host-redirect", "Host redirect"); extNaclC.deny.icmp.any.any.addSC("host-tos-redirect", "Host redirect for TOS"); extNaclC.deny.icmp.any.any.addSC("host-tos-unreachable", "Host unreachable for TOS"); extNaclC.deny.icmp.any.any.addSC("host-unknown", "Host unknown"); extNaclC.deny.icmp.any.any.addSC("host-unreachable", "Host unreachable"); extNaclC.deny.icmp.any.any.addSC("information-reply", "Information replies"); extNaclC.deny.icmp.any.any.addSC("information-request", "Information requests"); extNaclC.deny.icmp.any.any.addSC("log", "Log matches against this entry"); extNaclC.deny.icmp.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.deny.icmp.any.any.addSC("mask-reply", "Mask replies"); extNaclC.deny.icmp.any.any.addSC("mask-request", "Mask requests"); extNaclC.deny.icmp.any.any.addSC("mobile-redirect", "Mobile host redirect"); extNaclC.deny.icmp.any.any.addSC("net-redirect", "Network redirect"); extNaclC.deny.icmp.any.any.addSC("net-tos-redirect", "Net redirect for TOS"); extNaclC.deny.icmp.any.any.addSC("net-tos-unreachable", "Network unreachable for TOS"); extNaclC.deny.icmp.any.any.addSC("net-unreachable", "Net unreachable"); extNaclC.deny.icmp.any.any.addSC("network-unknown", "Network unknown"); extNaclC.deny.icmp.any.any.addSC("no-room-for-option", "Parameter required but no room"); extNaclC.deny.icmp.any.any.addSC("option-missing", "Parameter required but not present"); extNaclC.deny.icmp.any.any.addSC("packet-too-big", "Fragmentation needed and DF set"); extNaclC.deny.icmp.any.any.addSC("parameter-problem", "All parameter problems"); extNaclC.deny.icmp.any.any.addSC("port-unreachable", "Port unreachable"); extNaclC.deny.icmp.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.deny.icmp.any.any.addSC("precedence-unreachable", "Precedence cutoff"); extNaclC.deny.icmp.any.any.addSC("protocol-unreachable", "Protocol unreachable"); extNaclC.deny.icmp.any.any.addSC("reassembly-timeout", "Reassembly timeout"); extNaclC.deny.icmp.any.any.addSC("redirect", "All redirects"); extNaclC.deny.icmp.any.any.addSC("router-advertisement", "Router discovery advertisements"); extNaclC.deny.icmp.any.any.addSC("router-solicitation", "Router discovery solicitations"); extNaclC.deny.icmp.any.any.addSC("source-quench", "Source quenches"); extNaclC.deny.icmp.any.any.addSC("source-route-failed", "Source route failed"); extNaclC.deny.icmp.any.any.addSC("time-exceeded", "All time exceededs"); extNaclC.deny.icmp.any.any.addSC("time-range", "Specify a time-range"); extNaclC.deny.icmp.any.any.addSC("timestamp-reply", "Timestamp replies"); extNaclC.deny.icmp.any.any.addSC("timestamp-request", "Timestamp requests"); extNaclC.deny.icmp.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.deny.icmp.any.any.addSC("traceroute", "Traceroute"); extNaclC.deny.icmp.any.any.addSC("ttl-exceeded", "TTL exceeded"); extNaclC.deny.icmp.any.any.addSC("unreachable", "All unreachables"); extNaclC.deny.icmp.any.addSC("host", "A single destination host"); extNaclC.deny.icmp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.deny.icmp.addSC("host", "A single source host"); extNaclC.deny.icmp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.deny.icmp.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.icmp.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.icmp.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.addSC("igmp", "Internet Gateway Message Protocol"); extNaclC.deny.addSC("igrp", "Cisco's IGRP routing protocol"); extNaclC.deny.igrp.addSC("A.B.C.D", "Source address"); extNaclC.deny.igrp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.deny.igrp["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.igrp["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.igrp["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.igrp.addSC("any", "Any source host"); extNaclC.deny.igrp.any.addSC("A.B.C.D", "Destination address"); extNaclC.deny.igrp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.deny.igrp.any.addSC("any", "Any destination host"); extNaclC.deny.igrp.any.addSC("host", "A single destination host"); extNaclC.deny.igrp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.deny.igrp.addSC("host", "A single source host"); extNaclC.deny.igrp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.deny.addSC("ip", "Any Internet Protocol"); extNaclC.deny.ip.addSC("A.B.C.D", "Source address"); extNaclC.deny.ip["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.deny.ip.addSC("any", "Any source host"); extNaclC.deny.ip.any.addSC("A.B.C.D", "Destination address"); extNaclC.deny.ip.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.deny.ip.any.addSC("any", "Any destination host"); extNaclC.deny.ip.any.addSC("host", "A single destination host"); extNaclC.deny.ip.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.deny.ip.addSC("host", "A single source host"); extNaclC.deny.ip.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.deny.ip.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.ip.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.ip.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.addSC("ipinip", "IP in IP tunneling"); extNaclC.deny.addSC("nos", "KA9Q NOS compatible IP over IP tunneling"); extNaclC.deny.addSC("ospf", "OSPF routing protocol"); extNaclC.deny.ospf.addSC("A.B.C.D", "Source address"); extNaclC.deny.ospf["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.deny.ospf["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.ospf["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.ospf["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.ospf.addSC("any", "Any source host"); extNaclC.deny.ospf.any.addSC("A.B.C.D", "Destination address"); extNaclC.deny.ospf.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.deny.ospf.any.addSC("any", "Any destination host"); extNaclC.deny.ospf.any.addSC("host", "A single destination host"); extNaclC.deny.ospf.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.deny.ospf.addSC("host", "A single source host"); extNaclC.deny.ospf.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.deny.ospf.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.ospf.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.ospf.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.addSC("pcp", "Payload Compression Protocol"); extNaclC.deny.addSC("pim", "Protocol Independent Multicast"); extNaclC.deny.addSC("tcp", "Transmission Control Protocol"); extNaclC.deny.tcp.addSC("A.B.C.D", "Source address"); extNaclC.deny.tcp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.deny.tcp["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.deny.tcp["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.deny.tcp["A.B.C.D"]["A.B.C.D"].addSC("eq", "Match only packets on a given port number"); extNaclC.deny.tcp["A.B.C.D"]["A.B.C.D"].addSC("gt", "Match only packets with a greater port number"); extNaclC.deny.tcp["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.deny.tcp["A.B.C.D"]["A.B.C.D"].addSC("lt", "Match only packets with a lower port number"); extNaclC.deny.tcp["A.B.C.D"]["A.B.C.D"].addSC("neq", "Match only packets not on a given port number"); extNaclC.deny.tcp["A.B.C.D"]["A.B.C.D"].addSC("range", "Match only packets in the range of port numbers"); extNaclC.deny.tcp.addSC("any", "Any source host"); extNaclC.deny.tcp.any.addSC("A.B.C.D", "Destination address"); extNaclC.deny.tcp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.deny.tcp.any.addSC("any", "Any destination host"); extNaclC.deny.tcp.any.any.addSC("ack", "Match on the ACK bit"); extNaclC.deny.tcp.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.deny.tcp.any.any.addSC("established", "Match established connections"); extNaclC.deny.tcp.any.any.addSC("fin", "Match on the FIN bit"); extNaclC.deny.tcp.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.deny.tcp.any.any.addSC("log", "Log matches against this entry"); extNaclC.deny.tcp.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.deny.tcp.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.deny.tcp.any.any.addSC("psh", "Match on the PSH bit"); extNaclC.deny.tcp.any.any.addSC("rst", "Match on the RST bit"); extNaclC.deny.tcp.any.any.addSC("syn", "Match on the SYN bit"); extNaclC.deny.tcp.any.any.addSC("time-range", "Specify a time-range"); extNaclC.deny.tcp.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.deny.tcp.any.any.addSC("urg", "Match on the URG bit"); extNaclC.deny.tcp.any.addSC("eq", "Match only packets on a given port number"); extNaclC.deny.tcp.any.addSC("gt", "Match only packets with a greater port number"); extNaclC.deny.tcp.any.addSC("host", "A single destination host"); extNaclC.deny.tcp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.deny.tcp.any.addSC("lt", "Match only packets with a lower port number"); extNaclC.deny.tcp.any.addSC("neq", "Match only packets not on a given port number"); extNaclC.deny.tcp.any.addSC("range", "Match only packets in the range of port numbers"); extNaclC.deny.tcp.addSC("host", "A single source host"); extNaclC.deny.tcp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.deny.addSC("udp", "User Datagram Protocol"); extNaclC.deny.udp.addSC("A.B.C.D", "Source address"); extNaclC.deny.udp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.deny.udp.addSC("any", "Any source host"); extNaclC.deny.udp.any.addSC("A.B.C.D", "Destination address"); extNaclC.deny.udp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.deny.udp.any.addSC("any", "Any destination host"); extNaclC.deny.udp.any.addSC("eq", "Match only packets on a given port number"); extNaclC.deny.udp.any.addSC("gt", "Match only packets with a greater port number"); extNaclC.deny.udp.any.addSC("host", "A single destination host"); extNaclC.deny.udp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.deny.udp.any.addSC("lt", "Match only packets with a lower port number"); extNaclC.deny.udp.any.addSC("neq", "Match only packets not on a given port number"); extNaclC.deny.udp.any.addSC("range", "Match only packets in the range of port numbers"); extNaclC.deny.udp.addSC("host", "A single source host"); extNaclC.deny.udp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.addSC("dynamic", "Specify a DYNAMIC list of PERMITs or DENYs"); extNaclC.dynamic.addSC("WORD", "Name of a Dynamic list"); extNaclC.dynamic.WORD.addSC("deny", "Specify packets to reject"); extNaclC.dynamic.WORD.deny.addSC("<0-255>", "An IP protocol number"); extNaclC.dynamic.WORD.deny.addSC("ahp", "Authentication Header Protocol"); extNaclC.dynamic.WORD.deny.addSC("eigrp", "Cisco's EIGRP routing protocol"); extNaclC.dynamic.WORD.deny.addSC("esp", "Encapsulation Security Payload"); extNaclC.dynamic.WORD.deny.addSC("gre", "Cisco's GRE tunneling"); extNaclC.dynamic.WORD.deny.addSC("icmp", "Internet Control Message Protocol"); extNaclC.dynamic.WORD.deny.addSC("igmp", "Internet Gateway Message Protocol"); extNaclC.dynamic.WORD.deny.addSC("igrp", "Cisco's IGRP routing protocol"); extNaclC.dynamic.WORD.deny.addSC("ip", "Any Internet Protocol"); extNaclC.dynamic.WORD.deny.addSC("ipinip", "IP in IP tunneling"); extNaclC.dynamic.WORD.deny.addSC("nos", "KA9Q NOS compatible IP over IP tunneling"); extNaclC.dynamic.WORD.deny.addSC("ospf", "OSPF routing protocol"); extNaclC.dynamic.WORD.deny.addSC("pcp", "Payload Compression Protocol"); extNaclC.dynamic.WORD.deny.addSC("pim", "Protocol Independent Multicast"); extNaclC.dynamic.WORD.deny.addSC("tcp", "Transmission Control Protocol"); extNaclC.dynamic.WORD.deny.addSC("udp", "User Datagram Protocol"); extNaclC.dynamic.WORD.addSC("timeout", "Maximum time for dynamic ACL to live"); extNaclC.dynamic.WORD.timeout.addSC("<1-9999>", "Maximum time to live"); extNaclC.addSC("evaluate", "Evaluate an access list"); extNaclC.evaluate.addSC("WORD", "IP reflexive access list name"); extNaclC.addSC("exit", "Exit from access-list configuration mode"); extNaclC.addSC("no", "Negate a command or set its defaults"); extNaclC.no.addSC("deny", "Specify packets to reject"); extNaclC.no.deny.addSC("<0-255>", "An IP protocol number"); extNaclC.no.deny["<0-255>"].addSC("A.B.C.D", "Source address"); extNaclC.no.deny["<0-255>"]["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.no.deny["<0-255>"].addSC("any", "Any source host"); extNaclC.no.deny["<0-255>"].any.addSC("A.B.C.D", "Destination address"); extNaclC.no.deny["<0-255>"].any.addSC("any", "Any destination host"); extNaclC.no.deny["<0-255>"].any.addSC("host", "A single destination host"); extNaclC.no.deny["<0-255>"].addSC("host", "A single source host"); extNaclC.no.deny["<0-255>"].host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.no.deny.addSC("ahp", "Authentication Header Protocol"); extNaclC.no.deny.addSC("eigrp", "Cisco's EIGRP routing protocol"); extNaclC.no.deny.eigrp.addSC("A.B.C.D", "Source address"); extNaclC.no.deny.eigrp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.no.deny.eigrp.addSC("any", "Any source host"); extNaclC.no.deny.eigrp.any.addSC("A.B.C.D", "Destination address"); extNaclC.no.deny.eigrp.any.addSC("any", "Any destination host"); extNaclC.no.deny.eigrp.any.addSC("host", "A single destination host"); extNaclC.no.deny.eigrp.addSC("host", "A single source host"); extNaclC.no.deny.eigrp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.no.deny.addSC("esp", "Encapsulation Security Payload"); extNaclC.no.deny.addSC("gre", "Cisco's GRE tunneling"); extNaclC.no.deny.addSC("icmp", "Internet Control Message Protocol"); extNaclC.no.deny.addSC("igmp", "Internet Gateway Message Protocol"); extNaclC.no.deny.addSC("igrp", "Cisco's IGRP routing protocol"); extNaclC.no.deny.igrp.addSC("A.B.C.D", "Source address"); extNaclC.no.deny.igrp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.no.deny.igrp.addSC("any", "Any source host"); extNaclC.no.deny.igrp.any.addSC("A.B.C.D", "Destination address"); extNaclC.no.deny.igrp.any.addSC("any", "Any destination host"); extNaclC.no.deny.igrp.any.addSC("host", "A single destination host"); extNaclC.no.deny.igrp.addSC("host", "A single source host"); extNaclC.no.deny.igrp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.no.deny.addSC("ip", "Any Internet Protocol"); extNaclC.no.deny.ip.addSC("A.B.C.D", "Source address"); extNaclC.no.deny.ip["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.no.deny.ip.addSC("any", "Any source host"); extNaclC.no.deny.ip.any.addSC("A.B.C.D", "Destination address"); extNaclC.no.deny.ip.any.addSC("any", "Any destination host"); extNaclC.no.deny.ip.any.addSC("host", "A single destination host"); extNaclC.no.deny.ip.addSC("host", "A single source host"); extNaclC.no.deny.ip.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.no.deny.addSC("ipinip", "IP in IP tunneling"); extNaclC.no.deny.addSC("nos", "KA9Q NOS compatible IP over IP tunneling"); extNaclC.no.deny.addSC("ospf", "OSPF routing protocol"); extNaclC.no.deny.ospf.addSC("A.B.C.D", "Source address"); extNaclC.no.deny.ospf["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.no.deny.ospf.addSC("any", "Any source host"); extNaclC.no.deny.ospf.any.addSC("A.B.C.D", "Destination address"); extNaclC.no.deny.ospf.any.addSC("any", "Any destination host"); extNaclC.no.deny.ospf.any.addSC("host", "A single destination host"); extNaclC.no.deny.ospf.addSC("host", "A single source host"); extNaclC.no.deny.ospf.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.no.deny.addSC("pcp", "Payload Compression Protocol"); extNaclC.no.deny.addSC("pim", "Protocol Independent Multicast"); extNaclC.no.deny.addSC("tcp", "Transmission Control Protocol"); extNaclC.no.deny.tcp.addSC("A.B.C.D", "Source address"); extNaclC.no.deny.tcp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.no.deny.tcp.addSC("any", "Any source host"); extNaclC.no.deny.tcp.any.addSC("A.B.C.D", "Destination address"); extNaclC.no.deny.tcp.any.addSC("any", "Any destination host"); extNaclC.no.deny.tcp.any.addSC("eq", "Match only packets on a given port number"); extNaclC.no.deny.tcp.any.addSC("gt", "Match only packets with a greater port number"); extNaclC.no.deny.tcp.any.addSC("host", "A single destination host"); extNaclC.no.deny.tcp.any.addSC("lt", "Match only packets with a lower port number"); extNaclC.no.deny.tcp.any.addSC("neq", "Match only packets not on a given port number"); extNaclC.no.deny.tcp.any.addSC("range", "Match only packets in the range of port numbers"); extNaclC.no.deny.tcp.addSC("host", "A single source host"); extNaclC.no.deny.tcp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.no.deny.addSC("udp", "User Datagram Protocol"); extNaclC.no.deny.udp.addSC("A.B.C.D", "Source address"); extNaclC.no.deny.udp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.no.deny.udp.addSC("any", "Any source host"); extNaclC.no.deny.udp.addSC("host", "A single source host"); extNaclC.no.deny.udp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.no.addSC("dynamic", "Specify a DYNAMIC list of PERMITs or DENYs"); extNaclC.no.dynamic.addSC("WORD", "Name of a Dynamic list"); extNaclC.no.dynamic.WORD.addSC("deny", "Specify packets to reject"); extNaclC.no.dynamic.WORD.addSC("timeout", "Maximum time for dynamic ACL to live"); extNaclC.no.addSC("evaluate", "Evaluate an access list"); extNaclC.no.evaluate.addSC("WORD", "IP reflexive access list name"); extNaclC.addSC("permit", "Specify packets to forward"); extNaclC.permit.addSC("<0-255>", "An IP protocol number"); extNaclC.permit["<0-255>"].addSC("A.B.C.D", "Source address"); extNaclC.permit["<0-255>"]["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.permit["<0-255>"]["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit["<0-255>"]["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit["<0-255>"]["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit["<0-255>"].addSC("any", "Any source host"); extNaclC.permit["<0-255>"].any.addSC("A.B.C.D", "Destination address"); extNaclC.permit["<0-255>"].any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.permit["<0-255>"].any.addSC("any", "Any destination host"); extNaclC.permit["<0-255>"].any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.permit["<0-255>"].any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.permit["<0-255>"].any.any.addSC("log", "Log matches against this entry"); extNaclC.permit["<0-255>"].any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.permit["<0-255>"].any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.permit["<0-255>"].any.any.addSC("reflect", "Create reflexive access list entry"); extNaclC.permit["<0-255>"].any.any.addSC("time-range", "Specify a time-range"); extNaclC.permit["<0-255>"].any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.permit["<0-255>"].any.addSC("host", "A single destination host"); extNaclC.permit["<0-255>"].any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.permit["<0-255>"].addSC("host", "A single source host"); extNaclC.permit["<0-255>"].host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.permit["<0-255>"].host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit["<0-255>"].host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit["<0-255>"].host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.addSC("ahp", "Authentication Header Protocol"); extNaclC.permit.addSC("eigrp", "Cisco's EIGRP routing protocol"); extNaclC.permit.eigrp.addSC("A.B.C.D", "Source address"); extNaclC.permit.eigrp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.permit.eigrp["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.eigrp["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.eigrp["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.eigrp.addSC("any", "Any source host"); extNaclC.permit.eigrp.any.addSC("A.B.C.D", "Destination address"); extNaclC.permit.eigrp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.permit.eigrp.any.addSC("any", "Any destination host"); extNaclC.permit.eigrp.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.permit.eigrp.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.permit.eigrp.any.any.addSC("log", "Log matches against this entry"); extNaclC.permit.eigrp.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.permit.eigrp.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.permit.eigrp.any.any.addSC("reflect", "Create reflexive access list entry"); extNaclC.permit.eigrp.any.any.addSC("time-range", "Specify a time-range"); extNaclC.permit.eigrp.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.permit.eigrp.any.addSC("host", "A single destination host"); extNaclC.permit.eigrp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.permit.eigrp.addSC("host", "A single source host"); extNaclC.permit.eigrp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.permit.eigrp.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.eigrp.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.eigrp.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.addSC("esp", "Encapsulation Security Payload"); extNaclC.permit.addSC("gre", "Cisco's GRE tunneling"); extNaclC.permit.addSC("icmp", "Internet Control Message Protocol"); extNaclC.permit.icmp.addSC("A.B.C.D", "Source address"); extNaclC.permit.icmp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.permit.icmp["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.icmp["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.icmp["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.icmp.addSC("any", "Any source host"); extNaclC.permit.icmp.any.addSC("A.B.C.D", "Destination address"); extNaclC.permit.icmp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.permit.icmp.any.addSC("any", "Any destination host"); extNaclC.permit.icmp.any.any.addSC("<0-255>", "ICMP message type"); extNaclC.permit.icmp.any.any.addSC("administratively-prohibited", "Administratively prohibited"); extNaclC.permit.icmp.any.any.addSC("alternate-address", "Alternate address"); extNaclC.permit.icmp.any.any.addSC("conversion-error", "Datagram conversion"); extNaclC.permit.icmp.any.any.addSC("dod-host-prohibited", "Host prohibited"); extNaclC.permit.icmp.any.any.addSC("dod-net-prohibited", "Net prohibited"); extNaclC.permit.icmp.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.permit.icmp.any.any.addSC("echo", "Echo (ping)"); extNaclC.permit.icmp.any.any.addSC("echo-reply", "Echo reply"); extNaclC.permit.icmp.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.permit.icmp.any.any.addSC("general-parameter-problem", "Parameter problem"); extNaclC.permit.icmp.any.any.addSC("host-isolated", "Host isolated"); extNaclC.permit.icmp.any.any.addSC("host-precedence-unreachable", "Host unreachable for precedence"); extNaclC.permit.icmp.any.any.addSC("host-redirect", "Host redirect"); extNaclC.permit.icmp.any.any.addSC("host-tos-redirect", "Host redirect for TOS"); extNaclC.permit.icmp.any.any.addSC("host-tos-unreachable", "Host unreachable for TOS"); extNaclC.permit.icmp.any.any.addSC("host-unknown", "Host unknown"); extNaclC.permit.icmp.any.any.addSC("host-unreachable", "Host unreachable"); extNaclC.permit.icmp.any.any.addSC("information-reply", "Information replies"); extNaclC.permit.icmp.any.any.addSC("information-request", "Information requests"); extNaclC.permit.icmp.any.any.addSC("log", "Log matches against this entry"); extNaclC.permit.icmp.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.permit.icmp.any.any.addSC("mask-reply", "Mask replies"); extNaclC.permit.icmp.any.any.addSC("mask-request", "Mask requests"); extNaclC.permit.icmp.any.any.addSC("mobile-redirect", "Mobile host redirect"); extNaclC.permit.icmp.any.any.addSC("net-redirect", "Network redirect"); extNaclC.permit.icmp.any.any.addSC("net-tos-redirect", "Net redirect for TOS"); extNaclC.permit.icmp.any.any.addSC("net-tos-unreachable", "Network unreachable for TOS"); extNaclC.permit.icmp.any.any.addSC("net-unreachable", "Net unreachable"); extNaclC.permit.icmp.any.any.addSC("network-unknown", "Network unknown"); extNaclC.permit.icmp.any.any.addSC("no-room-for-option", "Parameter required but no room"); extNaclC.permit.icmp.any.any.addSC("option-missing", "Parameter required but not present"); extNaclC.permit.icmp.any.any.addSC("packet-too-big", "Fragmentation needed and DF set"); extNaclC.permit.icmp.any.any.addSC("parameter-problem", "All parameter problems"); extNaclC.permit.icmp.any.any.addSC("port-unreachable", "Port unreachable"); extNaclC.permit.icmp.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.permit.icmp.any.any.addSC("precedence-unreachable", "Precedence cutoff"); extNaclC.permit.icmp.any.any.addSC("protocol-unreachable", "Protocol unreachable"); extNaclC.permit.icmp.any.any.addSC("reassembly-timeout", "Reassembly timeout"); extNaclC.permit.icmp.any.any.addSC("redirect", "All redirects"); extNaclC.permit.icmp.any.any.addSC("reflect", "Create reflexive access list entry"); extNaclC.permit.icmp.any.any.addSC("router-advertisement", "Router discovery advertisements"); extNaclC.permit.icmp.any.any.addSC("router-solicitation", "Router discovery solicitations"); extNaclC.permit.icmp.any.any.addSC("source-quench", "Source quenches"); extNaclC.permit.icmp.any.any.addSC("source-route-failed", "Source route failed"); extNaclC.permit.icmp.any.any.addSC("time-exceeded", "All time exceededs"); extNaclC.permit.icmp.any.any.addSC("time-range", "Specify a time-range"); extNaclC.permit.icmp.any.any.addSC("timestamp-reply", "Timestamp replies"); extNaclC.permit.icmp.any.any.addSC("timestamp-request", "Timestamp requests"); extNaclC.permit.icmp.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.permit.icmp.any.any.addSC("traceroute", "Traceroute"); extNaclC.permit.icmp.any.any.addSC("ttl-exceeded", "TTL exceeded"); extNaclC.permit.icmp.any.any.addSC("unreachable", "All unreachables"); extNaclC.permit.icmp.any.addSC("host", "A single destination host"); extNaclC.permit.icmp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.permit.icmp.addSC("host", "A single source host"); extNaclC.permit.icmp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.permit.icmp.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.icmp.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.icmp.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.addSC("igmp", "Internet Gateway Message Protocol"); extNaclC.permit.addSC("igrp", "Cisco's IGRP routing protocol"); extNaclC.permit.igrp.addSC("A.B.C.D", "Source address"); extNaclC.permit.igrp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.permit.igrp["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.igrp["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.igrp["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.igrp.addSC("any", "Any source host"); extNaclC.permit.igrp.any.addSC("A.B.C.D", "Destination address"); extNaclC.permit.igrp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.permit.igrp.any.addSC("any", "Any destination host"); extNaclC.permit.igrp.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.permit.igrp.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.permit.igrp.any.any.addSC("log", "Log matches against this entry"); extNaclC.permit.igrp.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.permit.igrp.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.permit.igrp.any.any.addSC("reflect", "Create reflexive access list entry"); extNaclC.permit.igrp.any.any.addSC("time-range", "Specify a time-range"); extNaclC.permit.igrp.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.permit.igrp.any.addSC("host", "A single destination host"); extNaclC.permit.igrp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.permit.igrp.addSC("host", "A single source host"); extNaclC.permit.igrp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.permit.igrp.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.igrp.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.igrp.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.addSC("ip", "Any Internet Protocol"); extNaclC.permit.ip.addSC("A.B.C.D", "Source address"); extNaclC.permit.ip["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.permit.ip["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.ip["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.ip["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.ip.addSC("any", "Any source host"); extNaclC.permit.ip.any.addSC("A.B.C.D", "Destination address"); extNaclC.permit.ip.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.permit.ip.any.addSC("any", "Any destination host"); extNaclC.permit.ip.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.permit.ip.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.permit.ip.any.any.addSC("log", "Log matches against this entry"); extNaclC.permit.ip.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.permit.ip.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.permit.ip.any.any.addSC("reflect", "Create reflexive access list entry"); extNaclC.permit.ip.any.any.addSC("time-range", "Specify a time-range"); extNaclC.permit.ip.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.permit.ip.any.addSC("host", "A single destination host"); extNaclC.permit.ip.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.permit.ip.addSC("host", "A single source host"); extNaclC.permit.ip.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.permit.ip.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.ip.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.ip.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.addSC("ipinip", "IP in IP tunneling"); extNaclC.permit.addSC("nos", "KA9Q NOS compatible IP over IP tunneling"); extNaclC.permit.addSC("ospf", "OSPF routing protocol"); extNaclC.permit.ospf.addSC("A.B.C.D", "Source address"); extNaclC.permit.ospf["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.permit.ospf["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.ospf["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.ospf["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.ospf.addSC("any", "Any source host"); extNaclC.permit.ospf.any.addSC("A.B.C.D", "Destination address"); extNaclC.permit.ospf.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.permit.ospf.any.addSC("any", "Any destination host"); extNaclC.permit.ospf.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.permit.ospf.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.permit.ospf.any.any.addSC("log", "Log matches against this entry"); extNaclC.permit.ospf.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.permit.ospf.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.permit.ospf.any.any.addSC("reflect", "Create reflexive access list entry"); extNaclC.permit.ospf.any.any.addSC("time-range", "Specify a time-range"); extNaclC.permit.ospf.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.permit.ospf.any.addSC("host", "A single destination host"); extNaclC.permit.ospf.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.permit.ospf.addSC("host", "A single source host"); extNaclC.permit.ospf.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.permit.ospf.host["Hostname or A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.ospf.host["Hostname or A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.ospf.host["Hostname or A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.addSC("pcp", "Payload Compression Protocol"); extNaclC.permit.addSC("pim", "Protocol Independent Multicast"); extNaclC.permit.addSC("tcp", "Transmission Control Protocol"); extNaclC.permit.tcp.addSC("A.B.C.D", "Source address"); extNaclC.permit.tcp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.permit.tcp["A.B.C.D"]["A.B.C.D"].addSC("A.B.C.D", "Destination address"); extNaclC.permit.tcp["A.B.C.D"]["A.B.C.D"].addSC("any", "Any destination host"); extNaclC.permit.tcp["A.B.C.D"]["A.B.C.D"].addSC("eq", "Match only packets on a given port number"); extNaclC.permit.tcp["A.B.C.D"]["A.B.C.D"].addSC("gt", "Match only packets with a greater port number"); extNaclC.permit.tcp["A.B.C.D"]["A.B.C.D"].addSC("host", "A single destination host"); extNaclC.permit.tcp["A.B.C.D"]["A.B.C.D"].addSC("lt", "Match only packets with a lower port number"); extNaclC.permit.tcp["A.B.C.D"]["A.B.C.D"].addSC("neq", "Match only packets not on a given port number"); extNaclC.permit.tcp["A.B.C.D"]["A.B.C.D"].addSC("range", "Match only packets in the range of port numbers"); extNaclC.permit.tcp.addSC("any", "Any source host"); extNaclC.permit.tcp.any.addSC("A.B.C.D", "Destination address"); extNaclC.permit.tcp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.permit.tcp.any.addSC("any", "Any destination host"); extNaclC.permit.tcp.any.any.addSC("ack", "Match on the ACK bit"); extNaclC.permit.tcp.any.any.addSC("dscp", "Match packets with given dscp value"); extNaclC.permit.tcp.any.any.addSC("established", "Match established connections"); extNaclC.permit.tcp.any.any.addSC("fin", "Match on the FIN bit"); extNaclC.permit.tcp.any.any.addSC("fragments", "Check non-initial fragments"); extNaclC.permit.tcp.any.any.addSC("log", "Log matches against this entry"); extNaclC.permit.tcp.any.any.addSC("log-input", "Log matches against this entry, including input interface"); extNaclC.permit.tcp.any.any.addSC("precedence", "Match packets with given precedence value"); extNaclC.permit.tcp.any.any.addSC("psh", "Match on the PSH bit"); extNaclC.permit.tcp.any.any.addSC("reflect", "Create reflexive access list entry"); extNaclC.permit.tcp.any.any.addSC("rst", "Match on the RST bit"); extNaclC.permit.tcp.any.any.addSC("syn", "Match on the SYN bit"); extNaclC.permit.tcp.any.any.addSC("time-range", "Specify a time-range"); extNaclC.permit.tcp.any.any.addSC("tos", "Match packets with given TOS value"); extNaclC.permit.tcp.any.any.addSC("urg", "Match on the URG bit"); extNaclC.permit.tcp.any.addSC("eq", "Match only packets on a given port number"); extNaclC.permit.tcp.any["eq"].addSC("<0-65535>", "Port number"); extNaclC.permit.tcp.any["eq"].addSC("bgp", "Border Gateway Protocol (179)"); extNaclC.permit.tcp.any["eq"].addSC("chargen", "Character generator (19)"); extNaclC.permit.tcp.any["eq"].addSC("cmd", "Remote commands (rcmd, 514)"); extNaclC.permit.tcp.any["eq"].addSC("daytime", "Daytime (13)"); extNaclC.permit.tcp.any["eq"].addSC("discard", "Discard (9)"); extNaclC.permit.tcp.any["eq"].addSC("domain", "Domain Name Service (53)"); extNaclC.permit.tcp.any["eq"].addSC("echo", "Echo (7)"); extNaclC.permit.tcp.any["eq"].addSC("exec", "Exec (rsh, 512)"); extNaclC.permit.tcp.any["eq"].addSC("finger", "Finger (79)"); extNaclC.permit.tcp.any["eq"].addSC("ftp", "File Transfer Protocol (21)"); extNaclC.permit.tcp.any["eq"].addSC("ftp-data", "FTP data connections (used infrequently, 20)"); extNaclC.permit.tcp.any["eq"].addSC("gopher", "Gopher (70)"); extNaclC.permit.tcp.any["eq"].addSC("hostname", "NIC hostname server (101)"); extNaclC.permit.tcp.any["eq"].addSC("ident", "Ident Protocol (113)"); extNaclC.permit.tcp.any["eq"].addSC("irc", "Internet Relay Chat (194)"); extNaclC.permit.tcp.any["eq"].addSC("klogin", "Kerberos login (543)"); extNaclC.permit.tcp.any["eq"].addSC("kshell", "Kerberos shell (544)"); extNaclC.permit.tcp.any["eq"].addSC("login", "Login (rlogin, 513)"); extNaclC.permit.tcp.any["eq"].addSC("lpd", "Printer service (515)"); extNaclC.permit.tcp.any["eq"].addSC("nntp", "Network News Transport Protocol (119)"); extNaclC.permit.tcp.any["eq"].addSC("pim-auto-rp", "PIM Auto-RP (496)"); extNaclC.permit.tcp.any["eq"].addSC("pop2", "Post Office Protocol v2 (109)"); extNaclC.permit.tcp.any["eq"].addSC("pop3", "Post Office Protocol v3 (110)"); extNaclC.permit.tcp.any["eq"].addSC("smtp", "Simple Mail Transport Protocol (25)"); extNaclC.permit.tcp.any["eq"].addSC("sunrpc", "Sun Remote Procedure Call (111)"); extNaclC.permit.tcp.any["eq"].addSC("syslog", "Syslog (514)"); extNaclC.permit.tcp.any["eq"].addSC("tacacs", "TAC Access Control System (49)"); extNaclC.permit.tcp.any["eq"].addSC("talk", "Talk (517)"); extNaclC.permit.tcp.any["eq"].addSC("telnet", "Telnet (23)"); extNaclC.permit.tcp.any["eq"].addSC("time", "Time (37)"); extNaclC.permit.tcp.any["eq"].addSC("uucp", "Unix-to-Unix Copy Program (540)"); extNaclC.permit.tcp.any["eq"].addSC("whois", "Nicname (43)"); extNaclC.permit.tcp.any["eq"].addSC("www", "World Wide Web (HTTP, 80)"); extNaclC.permit.tcp.any.addSC("gt", "Match only packets with a greater port number"); extNaclC.permit.tcp.any.addSC("host", "A single destination host"); extNaclC.permit.tcp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.permit.tcp.any.addSC("lt", "Match only packets with a lower port number"); extNaclC.permit.tcp.any.addSC("neq", "Match only packets not on a given port number"); extNaclC.permit.tcp.any.addSC("range", "Match only packets in the range of port numbers"); extNaclC.permit.tcp.addSC("host", "A single source host"); extNaclC.permit.tcp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.permit.addSC("udp", "User Datagram Protocol"); extNaclC.permit.udp.addSC("A.B.C.D", "Source address"); extNaclC.permit.udp["A.B.C.D"].addSC("A.B.C.D", "Source wildcard bits"); extNaclC.permit.udp.addSC("any", "Any source host"); extNaclC.permit.udp.any.addSC("A.B.C.D", "Destination address"); extNaclC.permit.udp.any["A.B.C.D"].addSC("A.B.C.D", "Destination wildcard bits"); extNaclC.permit.udp.any.addSC("any", "Any destination host"); extNaclC.permit.udp.any.addSC("eq", "Match only packets on a given port number"); extNaclC.permit.udp.any.addSC("gt", "Match only packets with a greater port number"); extNaclC.permit.udp.any.addSC("host", "A single destination host"); extNaclC.permit.udp.any.host.addSC("Hostname or A.B.C.D", "Destination address"); extNaclC.permit.udp.any.addSC("lt", "Match only packets with a lower port number"); extNaclC.permit.udp.any.addSC("neq", "Match only packets not on a given port number"); extNaclC.permit.udp.any.addSC("range", "Match only packets in the range of port numbers"); extNaclC.permit.udp.addSC("host", "A single source host"); extNaclC.permit.udp.host.addSC("Hostname or A.B.C.D", "Source address"); extNaclC.addSC("remark", "Access list entry comment"); extNaclC.remark.addSC("LINE", "Comment up to 100 characters");