Depending on how you plan to use a named ACL and which access control types an operation supports, you can add one or all of the following when you define a named ACL: IPv4 and IPv6 addresses, IPv4 and IPv6 networks, TSIG key based ACEs, DNSone 2.x TSIG keys. You can also add an existing named ACL as a nested ACL to a new or existing named ACL.
When configuring a named ACL, ensure that you define it correctly for the intended operations using the supported access control types. For example, if you want to apply a named ACL to AAAA filtering, do not include IPv6 addresses or networks in the named ACL because AAAA filtering does not support IPv6 addresses and networks. For information about supported access control types, see Table 8.1.
To define a named ACL:
- From the Administration tab, select the Named ACLs tab, and then click the Add icon.
- In the Add Named ACL wizard, complete the following:
Click Next. Complete the following to add ACEs to the named ACL:
- Name: Enter a name for the named ACL. You can enter up to 64 characters.
- Comment: Enter additional information about the named ACL.
Click Next to enter extensible attributes for the named ACL. For information, see About Extensible Attributes.Save the configuration.
- Click the Add icon and select one of the following access control types from the drop-down list. Depending on your selection, Grid Manager adds a row to the table directly or expands the panel before adding a row.
- IPv4 Address: Select this to add an IPv4 address. Click the Entry field and enter the IPv4 address. The Operation column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.
- IPv4 Network: When you select this, enter the network address in the Address field, select the netmask using the slider, and then select Allow or Deny from the Permission drop-down list. Click Add and Grid Manager adds the entry to the table.
- IPv6 Address: Select this to add an IPv6 address. Click the Entry field and enter the IPv6 address. The Operation column displays Allow by default. You can change it to Deny by clicking the field and selecting Deny from the drop-down list.
- IPv6 Network: When you select this, enter the network address and its netmask in the Address field, and then select Allow or Deny from the Permission drop-down list. Click Add and Grid Manager adds the entry to the table.
- TSIGKey: In the AddTSIGKey panel, complete the following, and then click Add to add the TSIG key to the list:
- DNSone 2.x TSIG Key: Select this when the client is a NIOS appliance running DNS One 2.x code. The appliance automatically populates the value of the key in the Entry field. The Operation column displays Allow by default. You cannot change the default permission.
- Any Address/Network: Select this to allow or deny permission for any addresses and networks.
Named ACL: When you select this, Grid Manager displays the Named ACLs Selector. Select the named ACLs you want to add to the new ACL. If you have only one existing named ACL, Grid Manager automatically adds the named ACL to the list. The selected named ACL becomes a nested ACL in the newly created named ACL.
The Order field in the table displays the position of each entry based on the order it is placed in the list. You can modify this number to change the order of an ACE. You can also select the ACE check box and use the up and down arrows next to the table to place the entry in the desired position.