The number of ACL rules has reached the limit

This thread has been locked for further replies. You can start a new thread to share your ideas or ask questions.

2023-09-01 23:14:23
Tags: #ACL
Hardware Version: V1
Firmware Version: 5.9.31
Tried to create another rule for SWITCH ACL, I have 15 with one disabled, and then I could not because Omada tells me I reached a limit :O
 
Why?
 
How to fix?
 
Thank you.
 
#1
Re:The number of ACL rules has reached the limit
2023-09-04 07:46:19

Hi @MwaItou,

 

Bidirectional ACLs generate two rules for each ACL, and you have set up 16 of them, so it has generated 32 rules, which is the upper limit. Please check the Datasheet.

 

Best Regards!
#2
Re:The number of ACL rules has reached the limit
2023-09-04 22:59:29 - last edited 2023-09-04 23:00:34

Hi @Hank21 

 

Glad to know I am nowhere near the limit on ACL rules for the switch. 😉

 

Here's my config:

 

 

Rule 3/4 are the reverse of each other. All other rules are unidirectional.

 

So since I'm well within the 32 rules 😁, what could be the problem?

#3
Re:The number of ACL rules has reached the limit
2023-09-05 01:38:01

Hello @MwaItou,

 

Maybe you set some ACLs in which one Network corresponds to multiple Networks; multiple ACL entries are also generated in this case.

You may access the switch via SSH, and show all ACL rules to check.

Best Regards!
#4
Re:The number of ACL rules has reached the limit
2023-09-05 11:57:45

Hello @Hank21 

 

Nice to know, thanks.

 

Upon showing all the ACLs using the terminal, holy moly, there are a LOT of ACL rules.

 

I've got 14 "combined access list" entries, which correspond to the 14 "enabled" rules in Omada.

 

However, each combined list has loads of rules. For example, the first one has 336 rules in it.

 

So now I am confused by the specs where it says max 32 ACL rules. So what is considered as a "rule" then?

 

#5
Re:The number of ACL rules has reached the limit
2023-09-06 02:30:14

Hi @MwaItou,

 

Did you use the Command "show access-list status" via CLI?

Could you share a screenshot of the list on the CLI page with us?

The port and protocol you choose when setting up an ACL will both affect the ACL resource calculation. Have you tried using the Gateway ACL?

Best Regards!
#6
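An added example, not part of the thread and not TP-Link's own tooling: a Python parser for `show access-list` output that counts the entries behind each combined list and checks whether they form a full source × destination × service cross product, which is the expansion the replies above describe. The sample text is constructed, and `estimate_entries` is an assumed model of that expansion, not a documented formula.

```python
import ipaddress
import re
from itertools import product

# Constructed sample in the layout `show access-list` prints on this switch:
# 2 source networks, 1 destination host, TCP/UDP ports 53 and 853, plus ICMP.
SAMPLE = '''TL-SG2218#show access-list
Combined access list 1000 name: "ACL_1000"
    rule 1 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 2 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 3 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 4 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 5 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 6 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 7 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 8 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 9 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
    rule 10 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
'''

LIST_RE = re.compile(r'^Combined access list (\d+) name: "([^"]*)"')
RULE_RE = re.compile(r"^\s*rule (\d+) (permit|deny) (.+)$")


def parse_access_lists(text):
    """Return {list_id: [entry, ...]} parsed from `show access-list` output."""
    lists, current = {}, None
    for line in text.splitlines():
        m = LIST_RE.match(line)
        if m:
            current = lists.setdefault(int(m.group(1)), [])
            continue
        m = RULE_RE.match(line)
        if not m or current is None:
            continue  # prompt, blank line or output this parser does not know
        tokens = m.group(3).split()
        kv = dict(zip(tokens[0::2], tokens[1::2]))  # "sip X sip-mask Y ..." pairs
        if not {"sip", "sip-mask", "dip", "dip-mask"} <= kv.keys():
            continue  # not an IP-based entry; skipped in this example
        proto = int(kv["protocol"]) if "protocol" in kv else None
        port = int(kv["d-port"]) if "d-port" in kv else None
        current.append({
            "id": int(m.group(1)),
            "action": m.group(2),
            # strict=False turns the host address plus mask into its network
            "src": ipaddress.ip_network(f"{kv['sip']}/{kv['sip-mask']}", strict=False),
            "dst": ipaddress.ip_network(f"{kv['dip']}/{kv['dip-mask']}", strict=False),
            "service": (proto, port),
        })
    return lists


def summarise(entries):
    """Count the distinct dimensions of one combined list and test whether
    its entries are exactly sources x destinations x services."""
    sources = {e["src"] for e in entries}
    dests = {e["dst"] for e in entries}
    services = {e["service"] for e in entries}
    seen = {(e["src"], e["dst"], e["service"]) for e in entries}
    return {
        "entries": len(entries),
        "sources": len(sources),
        "destinations": len(dests),
        "services": len(services),
        "full_cross_product": seen == set(product(sources, dests, services)),
    }


def estimate_entries(n_src, n_dst, n_port_protocols, n_ports,
                     n_portless_protocols, bidirectional=False):
    """Assumed model: every source/destination pair gets one entry per
    (port-carrying protocol, port) and one per portless protocol; a
    bidirectional rule doubles the total, as stated in reply #2."""
    per_pair = n_port_protocols * n_ports + n_portless_protocols
    total = n_src * n_dst * per_pair
    return total * 2 if bidirectional else total


if __name__ == "__main__":
    for list_id, entries in parse_access_lists(SAMPLE).items():
        print(list_id, summarise(entries))
    # 7 source networks and 4 ports over TCP/UDP; the 40 portless protocols
    # is an assumed count that reproduces the 336 entries reported above.
    print(estimate_entries(7, 1, 2, 4, 40))
```

Run over saved CLI output, the summary shows which controller rule consumes the most entries before another one is added.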
Re:The number of ACL rules has reached the limit
2023-09-06 10:58:25

  @Hank21 

 

So I guess I would hit the combined ACL limit by creating other rules. 😞

 

For this ACL rule in Omada

 

 

I get this combined ACL result:

 

TL-SG2218#show access-list
Combined access list 1000 name: "ACL_1000"
    rule 1 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 2 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
    rule 3 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
    rule 4 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 5 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 6 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
    rule 7 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
    rule 8 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 9 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 10 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
    rule 11 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
    rule 12 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 13 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 14 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
    rule 15 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
    rule 16 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 17 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 18 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
    rule 19 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
    rule 20 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 21 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 22 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
    rule 23 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
    rule 24 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 25 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 53 d-port-mask ffff
    rule 26 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 67 d-port-mask ffff
    rule 27 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 68 d-port-mask ffff
    rule 28 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 6 d-port 853 d-port-mask ffff
    rule 29 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 30 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
    rule 31 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
    rule 32 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 33 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 34 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
    rule 35 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
    rule 36 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 37 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 38 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
    rule 39 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
    rule 40 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 41 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 42 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
    rule 43 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
    rule 44 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 45 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 46 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
    rule 47 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
    rule 48 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 49 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 50 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
    rule 51 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
    rule 52 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 53 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 53 d-port-mask ffff
    rule 54 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 67 d-port-mask ffff
    rule 55 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 68 d-port-mask ffff
    rule 56 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 17 d-port 853 d-port-mask ffff
    rule 57 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
    rule 58 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
    rule 59 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
    rule 60 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
    rule 61 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
    rule 62 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
    rule 63 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 1
    rule 64 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
    rule 65 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
    rule 66 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
    rule 67 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
    rule 68 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
    rule 69 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
    rule 70 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 37
    rule 71 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
    rule 72 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
    rule 73 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
    rule 74 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
    rule 75 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
    rule 76 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
    rule 77 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 8
    rule 78 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
    rule 79 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
    rule 80 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
    rule 81 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
    rule 82 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
    rule 83 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
    rule 84 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 88
    rule 85 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
    rule 86 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
    rule 87 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
    rule 88 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
    rule 89 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
    rule 90 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
    rule 91 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 98
    rule 92 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
    rule 93 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
    rule 94 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
    rule 95 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
    rule 96 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
    rule 97 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
    rule 98 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 50
    rule 99 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
    rule 100 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
    rule 101 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
    rule 102 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
    rule 103 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
    rule 104 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
    rule 105 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 97
    rule 106 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
    rule 107 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
    rule 108 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
    rule 109 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
    rule 110 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
    rule 111 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
    rule 112 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 133
    rule 113 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
    rule 114 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
    rule 115 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
    rule 116 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
    rule 117 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
    rule 118 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
    rule 119 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 47
    rule 120 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
    rule 121 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
    rule 122 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
    rule 123 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
    rule 124 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
    rule 125 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
    rule 126 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 20
    rule 127 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
    rule 128 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
    rule 129 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
    rule 130 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
    rule 131 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
    rule 132 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
    rule 133 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 38
    rule 134 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
    rule 135 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
    rule 136 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
    rule 137 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
    rule 138 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
    rule 139 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
    rule 140 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 45
    rule 141 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
    rule 142 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
    rule 143 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
    rule 144 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
    rule 145 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
    rule 146 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
    rule 147 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 9
    rule 148 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
    rule 149 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
    rule 150 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
    rule 151 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
    rule 152 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
    rule 153 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
    rule 154 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 4
    rule 155 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
    rule 156 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
    rule 157 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
    rule 158 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
    rule 159 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
    rule 160 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
    rule 161 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 108
    rule 162 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
    rule 163 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
    rule 164 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
    rule 165 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
    rule 166 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
    rule 167 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
    rule 168 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 94
    rule 169 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
    rule 170 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
    rule 171 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
    rule 172 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
    rule 173 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
    rule 174 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
    rule 175 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 124
    rule 176 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
    rule 177 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
    rule 178 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
    rule 179 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
    rule 180 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
    rule 181 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
    rule 182 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 29
    rule 183 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
    rule 184 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
    rule 185 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
    rule 186 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
    rule 187 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
    rule 188 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
    rule 189 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 115
    rule 190 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 191 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 192 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 193 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 194 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 195 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 196 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 197 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 198 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 199 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 200 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 201 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 202 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 203 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 204 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
    rule 205 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
    rule 206 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
    rule 207 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
    rule 208 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
    rule 209 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
    rule 210 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 89
    rule 211 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
    rule 212 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
    rule 213 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
    rule 214 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
    rule 215 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
    rule 216 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
    rule 217 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 103
    rule 218 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
    rule 219 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
    rule 220 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
    rule 221 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
    rule 222 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
    rule 223 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
    rule 224 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 12
    rule 225 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
    rule 226 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
    rule 227 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
    rule 228 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
    rule 229 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
    rule 230 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
    rule 231 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 27
    rule 232 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
    rule 233 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
    rule 234 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
    rule 235 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
    rule 236 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
    rule 237 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
    rule 238 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 46
    rule 239 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
    rule 240 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
    rule 241 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
    rule 242 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
    rule 243 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
    rule 244 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
    rule 245 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 132
    rule 246 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
    rule 247 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
    rule 248 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
    rule 249 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
    rule 250 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
    rule 251 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
    rule 252 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 57
    rule 253 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
    rule 254 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
    rule 255 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
    rule 256 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
    rule 257 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
    rule 258 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
    rule 259 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 5
    rule 260 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
    rule 261 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
    rule 262 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
    rule 263 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
    rule 264 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
    rule 265 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
    rule 266 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 136
    rule 267 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
    rule 268 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
    rule 269 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
    rule 270 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
    rule 271 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
    rule 272 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
    rule 273 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 81
    rule 274 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
    rule 275 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
    rule 276 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
    rule 277 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
    rule 278 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
    rule 279 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
    rule 280 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 112
    rule 281 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
    rule 282 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
    rule 283 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
    rule 284 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
    rule 285 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
    rule 286 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
    rule 287 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 22
    rule 288 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
    rule 289 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
    rule 290 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
    rule 291 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
    rule 292 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
    rule 293 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
    rule 294 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 36
    rule 295 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
    rule 296 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
    rule 297 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
    rule 298 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
    rule 299 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
    rule 300 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
    rule 301 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 138
    rule 302 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
    rule 303 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
    rule 304 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
    rule 305 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
    rule 306 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
    rule 307 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
    rule 308 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 139
    rule 309 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
    rule 310 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
    rule 311 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
    rule 312 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
    rule 313 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
    rule 314 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
    rule 315 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 140
    rule 316 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
    rule 317 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
    rule 318 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
    rule 319 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
    rule 320 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
    rule 321 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
    rule 322 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 141
    rule 323 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
    rule 324 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
    rule 325 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
    rule 326 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
    rule 327 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
    rule 328 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
    rule 329 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 142
    rule 330 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
    rule 331 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
    rule 332 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
    rule 333 permit logging disable sip 192.168.40.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
    rule 334 permit logging disable sip 192.168.60.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
    rule 335 permit logging disable sip 192.168.80.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58
    rule 336 permit logging disable sip 192.168.100.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 58

 

And here's the profile group used:

Other "combined" access rules are not that huge compared to this one.

The reason I need this rule is because I disable all network communication between VLANs and since AdGuard is in a VLAN, I need it to allow DNS and DHCP to come through.

I would use the gateway but last time I tried I found it quite limiting since I can't specify ports.

By using a gateway rule, would it be used if the switch determines that it does not need to go to the switch since communication would be port-to-port direct within the switch?

  0  
#7
Re:The number of ACL rules has reached the limit
2023-09-07 01:41:41

Hello @MwaItou,

For now, the Gateway ACL does not let you choose the IP-Port, but the switch does offer that option. If you want to replace a rule from the Switch ACL with the Gateway ACL, you can choose one to delete and add the DNS-related rule in the Switch ACL as your image shows. By the way, the protocol you selected resulted in the generation of multiple ACL rules. However, if you choose 'All' for the Protocol, it will generate only one rule. Just thought you should know.

Best Regards!
  1  
#8
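The expansion described in the reply above can be measured from the `rule ...` lines of the switch dump. The script below is an added example, not part of the thread or of TP-Link's tooling: the sample lines are constructed in the dump's format, and the "one entry per source network when Protocol is 'All'" figure is an assumption drawn from that reply.

```python
import ipaddress
import re
from collections import defaultdict

# Constructed sample in the format of the dump posted in this thread:
# 3 source networks x 2 protocols to one host, plus one unrelated rule.
SAMPLE_DUMP = """\
    rule 1 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 2 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 3 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 135
    rule 4 permit logging disable sip 192.168.0.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 5 permit logging disable sip 192.168.10.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 6 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.161 dip-mask 255.255.255.255 protocol 137
    rule 7 permit logging disable sip 192.168.20.1 sip-mask 255.255.255.0 dip 192.168.10.162 dip-mask 255.255.255.255 protocol 89
"""

RULE_RE = re.compile(
    r"^\s*rule\s+(?P<id>\d+)\s+(?P<action>permit|deny)\s+.*?"
    r"\bsip\s+(?P<sip>\S+)\s+sip-mask\s+(?P<smask>\S+)\s+"
    r"dip\s+(?P<dip>\S+)\s+dip-mask\s+(?P<dmask>\S+)"
    r"(?:\s+protocol\s+(?P<proto>\d+))?\s*$"
)

def parse_rules(text):
    """Return (id, action, src_net, dst_net, proto) for every rule line."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line)
        if not m:
            continue  # skip anything that is not a rule entry
        # strict=False: the dump writes a host address (x.x.x.1) with a /24 mask
        src = ipaddress.ip_network(f"{m['sip']}/{m['smask']}", strict=False)
        dst = ipaddress.ip_network(f"{m['dip']}/{m['dmask']}", strict=False)
        proto = int(m["proto"]) if m["proto"] else None  # None = no protocol match
        rules.append((int(m["id"]), m["action"], src, dst, proto))
    return rules

def summarize(rules):
    """Group entries by (action, destination) and measure the expansion."""
    groups = defaultdict(list)
    for _id, action, src, dst, proto in rules:
        groups[(action, dst)].append((src, proto))
    report = []
    for (action, dst), pairs in groups.items():
        sources = sorted({s for s, _ in pairs})
        protos = {p for _, p in pairs}
        report.append({
            "action": action,
            "dst": str(dst),
            "sources": [str(s) for s in sources],
            "protocols": sorted(p for p in protos if p is not None),
            "entries": len(pairs),
            # True when the entries are exactly sources x protocols
            "full_product": len(set(pairs)) == len(sources) * len(protos),
            # Assumption from the reply: Protocol 'All' drops the protocol factor
            "entries_if_all": len(sources),
        })
    return sorted(report, key=lambda r: -r["entries"])

if __name__ == "__main__":
    for row in summarize(parse_rules(SAMPLE_DUMP)):
        print(f"{row['action']} -> {row['dst']}: {row['entries']} entries "
              f"({len(row['sources'])} sources x {len(row['protocols'])} protocols), "
              f"{row['entries_if_all']} if Protocol is 'All'")
```

Choosing 'All' lowers the entry count, but it also permits every IP protocol from those sources to the destination, not only the protocols originally listed.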
Re:The number of ACL rules has reached the limit
2023-09-07 17:02:48 - last edited 2023-09-07 17:05:59

@Hank21

Thanks for the tip about the protocol. Didn't know that indeed.

Not sure though what you meant in the first part of your reply.

Also, do you know if the switch will use a gateway ACL rule defined to deny access between VLANs? I am thinking that since two devices connected to the switch won't use the gateway as it is not needed since a direct switch connection can be made.

  1  
#9
Re:The number of ACL rules has reached the limit
2023-09-08 03:53:50

Hi @MwaItou,

The Gateway ACL is available and active only for the Omada Router, and the Switch ACL will be active only on the switch devices.

Best Regards!
  1  
#10
Re:The number of ACL rules has reached the limit
2023-09-08 11:47:14

@Hank21

Ok, so then having a gateway ACL preventing clients from connecting between VLANs would only work if each client is connected to a gateway port then?

If they are physically connected to switch ports then the ACL won't even be used?

 

  0  
#11