NVIDIA NVOS User Manual for InfiniBand Switches

Access Control List Commands

nv show acl


nv show acl

Display all available ACLs on the system. 

Syntax Description

N/A

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show acl
                            Type  Summary
---
acl-default-dos             ipv4  rule:  10
                                  rule:  20
                                  rule:  30
acl-default-dos-ipv6        ipv6  rule:  10
                                  rule:  20
                                  rule:  30
acl-default-loopback        ipv4  rule:  10
acl-default-loopback-ipv6   ipv6  rule:  10
acl-default-outbound        ipv4  rule:  10
                                  rule:  20
acl-default-outbound-ipv6   ipv6  rule:  10
                                  rule:  20
acl-default-whitelist       ipv4  rule:  10
                                  rule:  20
acl-default-whitelist-ipv6  ipv6  rule:  10
                                  rule:  20
                                  rule:  30

REST API

GET  https://<ip>/nvue_v1/acl

Related Commands

nv set acl

Notes

 

nv unset acl


nv unset acl

Clear all newly configured ACLs and restore the original default ACLs.

Syntax Description

N/A

History

25.02.2002 

Example

admin@nvos:~$ nv unset acl

REST API

DELETE https://<ip>/nvue_v1/acl

Related Commands

nv show acl

Notes

This command removes the modifications and extra ACLs configured on the system and restores the original default ACLs.

nv show acl id


nv show acl <acl-id>

Get ACL <acl-id> information (i.e., rule-ids and the ACL type: ipv4 or ipv6).

Syntax Description

acl-id

ACL name

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl_1
      operational  applied
----  -----------  -------
type  ipv4         ipv4



rule
=======
    Number  Summary
    ------  ----------------------
    1       action:         permit
            match.ip.protocol: tcp

REST API

GET https://<ip>/nvue_v1/acl/<acl-id>

Related Commands

nv show acl

Notes


nv set/unset acl id


nv set acl <acl-id>
nv unset acl <acl-id>

Create a new custom ACL.
Delete an existing ACL.

Syntax Description

acl-id

New, custom ACL name

History

25.02.2002 

Example

admin@nvos:~$ nv set acl EXAMPLE_ACL

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/<acl-id>

Related Commands

nv show acl

Notes

  • The ACL name can be any generic name, but it matters later when binding multiple ACLs to the same interface in the same direction, because the ACLs' rule lists are ordered by the lexicographical order of the ACL names. For example, if ACL 'A' with 10 rules and ACL 'B' with 5 rules are bound to the same direction on the same interface, the 10 rules of ACL 'A' come before the 5 rules of ACL 'B'.

  • This command alone is not enough to apply the custom ACL: the ACL needs at least one rule and must have an IP type, either ipv4 or ipv6.

  • The unset command will not remove the specified ACL if it is bound to an interface. The user must unbind it and then use this command to delete the ACL.

  • Unsetting a default ACL restores the original list of rules of that ACL.
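
The ordering note above means an ACL's name decides whether its rules are reached at all. The following added example (not NVOS code) flattens constructed ACLs into that order and reports rules shadowed by an earlier, broader rule; it assumes Python's string comparison matches the switch's lexicographical order and that rules inside an ACL are evaluated by ascending rule number, and the `Rule`/`Acl` classes and ACL names are hypothetical.

```python
from dataclasses import dataclass, field
from typing import List, Optional, Tuple


@dataclass(frozen=True)
class Rule:
    number: int                       # rule-id, 1-65535
    action: str                       # "permit" or "deny"
    protocol: Optional[str] = None    # None: no protocol criterion, matches any
    dest_port: Optional[int] = None   # None: no dest-port criterion, matches any

    def covers(self, other: "Rule") -> bool:
        """True when every packet `other` matches is also matched by this rule."""
        proto_ok = self.protocol is None or self.protocol == other.protocol
        port_ok = self.dest_port is None or self.dest_port == other.dest_port
        return proto_ok and port_ok


@dataclass
class Acl:
    name: str
    acl_type: Optional[str] = None    # "ipv4" or "ipv6"; None: type not set
    rules: List[Rule] = field(default_factory=list)

    def is_applicable(self) -> bool:
        """An ACL needs a type and at least one rule before it can take effect."""
        return self.acl_type in ("ipv4", "ipv6") and bool(self.rules)


def effective_order(acls: List[Acl], acl_type: str) -> List[Tuple[str, Rule]]:
    """Flatten the ACLs bound to one interface and direction into evaluation order."""
    usable = [a for a in acls if a.is_applicable() and a.acl_type == acl_type]
    ordered = []
    for acl in sorted(usable, key=lambda a: a.name):        # ACL name decides first
        for rule in sorted(acl.rules, key=lambda r: r.number):
            ordered.append((acl.name, rule))
    return ordered


def shadowed_rules(acls: List[Acl], acl_type: str) -> List[Tuple[str, str]]:
    """Pairs (shadowed, shadowing): a rule fully covered by an earlier rule
    that carries a different action, so the later rule never decides."""
    ordered = effective_order(acls, acl_type)
    findings = []
    for i, (name, rule) in enumerate(ordered):
        for earlier_name, earlier in ordered[:i]:
            if earlier.covers(rule) and earlier.action != rule.action:
                findings.append((f"{name}/{rule.number}",
                                 f"{earlier_name}/{earlier.number}"))
                break
    return findings


# Constructed sample: three custom ACLs bound to the same interface and direction.
SAMPLE = [
    Acl("B-block-telnet", "ipv4", [Rule(10, "deny", "tcp", 23)]),
    Acl("A-allow-mgmt", "ipv4", [Rule(20, "permit", "tcp"),
                                 Rule(10, "permit", "udp", 161)]),
    Acl("C-draft", "ipv4", []),       # no rules yet, so it contributes nothing
]

if __name__ == "__main__":
    for acl_name, rule in effective_order(SAMPLE, "ipv4"):
        print(acl_name, rule.number, rule.action, rule.protocol, rule.dest_port)
    print("shadowed:", shadowed_rules(SAMPLE, "ipv4"))
    # Renaming the deny ACL so that it sorts first removes the shadowing.
    renamed = [Acl("0-block-telnet", "ipv4", SAMPLE[0].rules)] + SAMPLE[1:]
    print("after rename:", shadowed_rules(renamed, "ipv4"))
```

In the sample, the telnet deny in `B-block-telnet` sits behind the broad TCP permit in `A-allow-mgmt`; giving the deny ACL a name that sorts earlier is what changes the outcome.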

nv set/unset acl type


nv set acl <acl-id> type <acl-type>
nv unset acl <acl-id> type <acl-type>

Add ACL type, whether it is an IPv4 or IPv6 ACL.

Syntax Description


acl-id

New, custom ACL name

acl-type

Enum: ipv4 | ipv6

History

25.02.2002 

Example


REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/<acl-id>/type/

Related Commands

nv show acl

Notes

Each ACL must have a type.

nv show acl rule


nv show acl <acl-id> rule

Display all the rules configured on the specified ACL.

Syntax Description

acl-id

ACL name

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule
Number  Summary
------  ----------------------------------
10      action:                     permit
        match.ip.protocol:             udp
        match.ip.udp.dest-port:        161
        remark:             Whitelist-snmp
20      action:                     permit
        match.ip.protocol:             tcp
        match.ip.tcp.dest-port:        443
        remark:            Whitelist-https
30      action:                     permit
        match.ip.protocol:             tcp
        match.ip.tcp.dest-port:         22
        remark:              Whitelist-ssh

REST API

GET https://<ip>/nvue_v1/acl/<acl-id>/rule

Related Commands

nv show acl <acl-id>

Notes



nv show acl rule id


nv show acl <acl-id> rule <rule-id>

Show ACL rule <rule-id> configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 10
                        operational     applied
----------------------  --------------  --------------
remark                  Whitelist-snmp  Whitelist-snmp
match
  ip
    protocol            udp             udp
    udp
      [dest-port]       161             161
    [connection-state]  new             new
    [connection-state]  established     established
action                  permit          permit

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule


nv set acl <acl-id> rule <rule-id>
nv unset acl <acl-id> rule <rule-id>

Set/remove ACL rule <rule-id> configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl user_custom_acl rule 10

REST API

PATCH https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • This command is used to declare the specified rule with the specified ACL.

  • Merely applying this configuration is insufficient. Matching criteria on the packet or an action for this rule must be specified for the rule to be effective.

nv set/unset acl rule remark


nv set acl <acl-id> rule <rule-id> remark <string>
nv unset acl <acl-id> rule <rule-id> remark <string>

Set/remove ACL rule <rule-id> remark configurations (remark is the same as description).

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl user_custom_acl rule 20 remark "MY-PROTECTIVE-RULE"

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/deny

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The remark acts the same as a description of a rule.

nv show acl rule action


nv show acl <acl-id> rule <rule-id> action

Show ACL rule <rule-id> action configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 10 action
operational  applied
-----------  -------
permit       permit

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule action permit


nv set acl <acl-id> rule <rule-id> action permit
nv unset acl <acl-id> rule <rule-id> action permit

Set/remove ACL rule <rule-id> action permit.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl user_custom_acl rule 10 action permit

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/permit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Only one action per rule can be specified.

  • Any packet matching the specified rule will be accepted by the system.

  • Leaving a rule with no action will make the action "permit" by default.

nv set/unset acl rule action deny


nv set acl <acl-id> rule <rule-id> action deny
nv unset acl <acl-id> rule <rule-id> action deny

Set/remove ACL rule <rule-id> action deny.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl user_custom_acl rule 20 action deny

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/deny

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Only one action per rule can be specified.

  • Any packet matching the specified rule will be rejected by the system and will not be processed any further.

  • Leaving a rule with no action will leave any packet matching the specified rule unaffected.

nv set/unset acl rule action log log-prefix


nv set acl <acl-id> rule <rule-id> action log log-prefix <str>
nv unset acl <acl-id> rule <rule-id> action log log-prefix <str>

Set/remove ACL rule <rule-id> action log log-prefix <str>.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

log-prefix-str

String

History

25.02.2002 

Example

admin@nvos:~$ nv set acl user_custom_acl rule 20 action log
admin@nvos:~$ nv set acl user_custom_acl rule 30 action log log-prefix "Dropped-by-custom-acl"

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/log

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/log/log-prefix/<log-prefix-str>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Only one action per rule can be specified.

  • The log-prefix can be set to an empty string.

  • Any packet matching the specified rule with a logging action will be logged to the netfilter log.

  • Leaving a rule with no action will leave any packet matching the specified rule unaffected.

nv show acl rule match


nv show acl <acl-id> rule <rule-id> match

Show ACL rule <rule-id> match configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 10 match
                      operational  applied
--------------------  -----------  -----------
ip
  protocol            udp          udp
  udp
    [dest-port]       161          161
  [connection-state]  new          new
  [connection-state]  established  established

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Currently, displaying the matching criteria for the rule only contains layer 3 and 4 filtering criteria in the OSI model.

nv set/unset acl rule match


nv set acl <acl-id> rule <rule-id> match
nv unset acl <acl-id> rule <rule-id> match

Set/remove ACL rule <rule-id> match.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl user_custom_acl rule 20 match

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Leaving a rule with empty matching criteria will cause the rule to match any packet.

  • The unset form of the command will remove the match criteria of the rule.

nv show acl rule match ip


nv show acl <acl-id> rule <rule-id> match ip

Show ACL rule <rule-id> match IP configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 10 match ip
                    operational  applied
------------------  -----------  -----------
protocol            udp          udp
udp
  [dest-port]       161          161
[connection-state]  new          new
[connection-state]  established  established

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Displays the matching IP criteria for the rule.

nv set/unset acl rule match ip


nv set acl <acl-id> rule <rule-id> match ip
nv unset acl <acl-id> rule <rule-id> match ip

Set/remove ACL rule <rule-id> match ip configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv unset acl user_custom_acl rule 20 match ip

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Leaving a rule with empty IP matching criteria will cause the rule to match any packet.

  • The unset command will remove the IP match criteria of the rule.

nv show acl rule match ip udp


nv show acl <acl-id> rule <rule-id> match ip udp

Show ACL rule <rule-id> match IP UDP configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 10 match ip udp
             operational  applied
-----------  -----------  -------
[dest-port]  161          161       

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching UDP IP criteria for the rule.

  • The output primarily contains either the source port or destination port.

nv show acl rule match ip udp dest-port


nv show acl <acl-id> rule <rule-id> match ip udp dest-port

Show ACL rule <rule-id> match IP UDP dest-port configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 10 match ip udp dest-port
Ports
-----
161

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/dest-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The command displays the matching dest-port of UDP IP criteria for the rule.

  • The rule can have more than one dest-port configured.

nv set/unset acl rule match ip udp dest-port


nv set acl <acl-id> rule <rule-id> match ip udp dest-port <port-num>
nv unset acl <acl-id> rule <rule-id> match ip udp dest-port <port-num>

Configure/remove ACL rule <rule-id> match IP UDP dest-port <port-num> configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip udp dest-port 22
admin@nvos:~$ nv set acl custom-acl rule 650 match ip udp dest-port 53

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/dest-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The rule can have more than one dest-port configured.

  • A rule cannot be configured with more than one source port and more than one dest-port at the same time. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

  • The user can configure more than one port on dest-port or source-port.

nv show acl rule match ip udp source-port


nv show acl <acl-id> rule <rule-id> match ip udp source-port

Show ACL rule <rule-id> match IP UDP source-port configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl custom-acl rule 650 match ip udp source-port
Ports
-----
53
22

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/source-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching source-port of UDP IP criteria for the rule.

  • The rule can have more than one source-port configured.

nv set/unset acl rule match ip udp source-port


nv set acl <acl-id> rule <rule-id> match ip udp source-port <port-num>
nv unset acl <acl-id> rule <rule-id> match ip udp source-port <port-num>

Configure/remove ACL rule <rule-id> match IP UDP source-port <port-num> configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip udp source-port 22
admin@nvos:~$ nv set acl custom-acl rule 650 match ip udp source-port 53

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/udp/source-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The rule can have more than one source-port configured.

  • A rule cannot be configured with more than one source port and more than one dest-port at the same time. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

  • The user can configure more than one port on dest-port or source-port.

nv show acl rule match ip tcp


nv show acl <acl-id> rule <rule-id> match ip tcp

Show ACL rule <rule-id> match ip tcp configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 230 match ip tcp
             operational  applied
-----------  -----------  -------
[dest-port]  9351         9351
[dest-port]  9352         9352
[dest-port]  9353         9353
[dest-port]  9370         9370       
admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 50 match ip tcp
             operational  applied
-----------  -----------  -------
[dest-port]  9339         9339

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching TCP IP criteria for the rule.

  • The output primarily contains any of the source-port, dest-port, flags, mask, mss, all-mss-except.

nv show acl rule match ip tcp dest-port


nv show acl <acl-id> rule <rule-id> match ip tcp dest-port

Show ACL rule <rule-id> match IP TCP dest-port configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 230 match ip tcp dest-port
Ports
-----
9351
9352
9353
9370

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/dest-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching dest-port of TCP IP criteria for the rule.

  • The rule can have more than one dest-port configured.

nv set/unset acl rule match ip tcp dest-port


nv set acl <acl-id> rule <rule-id> match ip tcp dest-port <port-num>
nv unset acl <acl-id> rule <rule-id> match ip tcp dest-port <port-num>

Configure/remove ACL rule <rule-id> match ip tcp dest-port <port-num> configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp dest-port 22
admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp dest-port 53

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/dest-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The rule can have more than one dest-port configured.

  • A rule cannot be configured with more than one source port and more than one dest-port at the same time. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

  • The user can configure more than one port on dest-port or source-port.

nv show acl rule match ip tcp source-port


nv show acl <acl-id> rule <rule-id> match ip tcp source-port

Show ACL rule <rule-id> match IP TCP source-port configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl custom-acl rule 650 match ip tcp source-port
Ports
-----
53
22

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/source-port

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Display the matching source-port of TCP IP criteria for the rule.

  • The rule can have more than one source-port configured.

nv set/unset acl rule match ip tcp source-port


nv set acl <acl-id> rule <rule-id> match ip tcp source-port <port-num>
nv unset acl <acl-id> rule <rule-id> match ip tcp source-port <port-num>

Configure/remove ACL rule <rule-id> match ip tcp source-port <port-num> configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

port-num

IP port ID (integer: 0–65535 | enum: ANY, bootpc, bootps, clag, dhcp-client, dhcp-server, domain, ftp, http, https, imap2, ldap, ldaps, ntp, msdp, pop3, smtp, snmp, snmp-trap, ssh, telnet, tftp | ip-port-range)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp source-port 22
admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp source-port 53

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/source-port/<port-num>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The rule can have more than one source-port configured.

  • A rule cannot be configured with more than one source port and more than one dest-port at the same time. For example, the user cannot configure ports 22, 53 on the dest-port and 1813 on the source-port, but can configure 22 on dest-port and 1813 on source-port.

  • The user can configure more than one port on dest-port or source-port.

nv show acl rule match ip tcp flags


nv show acl <acl-id> rule <rule-id> match ip tcp flags

Show ACL rule <rule-id> match ip tcp flags configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 60 match ip tcp flags -o json
{
  "none": {}
}

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/flags

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip tcp flags


nv set acl <acl-id> rule <rule-id> match ip tcp flags (syn | ack | fin | rst | urg | psh | all | none)
nv unset acl <acl-id> rule <rule-id> match ip tcp flags (syn | ack | fin | rst | urg | psh | all | none)

Configure/remove ACL rule <rule-id> match ip tcp flags <flag-id> configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

flag-id

enum: (syn | ack | fin | rst | urg | psh | all | none)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp flags all
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp flags urg
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp flags psh
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp flags syn

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/flags/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The user can configure multiple flags that are not 'none' or 'all'.

  • The flag configurations must come with TCP mask configurations.

nv show acl rule match ip tcp mask


nv show acl <acl-id> rule <rule-id> match ip tcp mask

Show ACL rule <rule-id> match IP TCP mask configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT rule 60 match ip tcp mask -o json
{
  "ack": {},
  "fin": {},
  "rst": {},
  "syn": {}
}

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/mask

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip tcp mask


nv set acl <acl-id> rule <rule-id> match ip tcp mask (syn | ack | fin | rst | urg | psh | all | none)
nv unset acl <acl-id> rule <rule-id> match ip tcp mask (syn | ack | fin | rst | urg | psh | all | none)

Configure/remove ACL rule <rule-id> match ip tcp mask <flag-id> configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

flag-id

enum: (syn | ack | fin | rst | urg | psh | all | none)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp mask all
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp mask urg
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp mask psh
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp mask syn

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/mask/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The user can configure multiple flags that are not 'none' or 'all'.

  • The flag configurations must come with TCP mask configurations.

nv set/unset acl rule match ip tcp mss


nv set acl <acl-id> rule <rule-id> match ip tcp mss <mss-format>
nv unset acl <acl-id> rule <rule-id> match ip tcp mss <mss-format>

Configure/remove ACL rule <rule-id> match ip tcp mss configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mss-format

The TCP MSS value can be an integer or a range.
Examples: "0-1", "536-65535", "65000", "128"

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp mss 536
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp mss 536-65535

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/mss/<mss-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The command will match TCP packets with the specified MSS values.

nv set/unset acl rule match ip tcp all-mss-except


nv set acl <acl-id> rule <rule-id> match ip tcp all-mss-except <mss-format>
nv unset acl <acl-id> rule <rule-id> match ip tcp all-mss-except <mss-format>

Configure/remove ACL rule <rule-id> match ip tcp all-mss-except configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mss-format

The TCP MSS value can be an integer or a range.
Examples: "0-1", "536-65535", "65000", "128"

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip tcp all-mss-except 536
admin@nvos:~$ nv set acl custom-acl rule 660 match ip tcp all-mss-except 536-65535

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/tcp/all-mss-except/<mss-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

The command will match all TCP packets with an MSS value different from the specified MSS values.

nv set/unset acl rule match ip fragment


nv set acl <acl-id> rule <rule-id> match ip fragment
nv unset acl <acl-id> rule <rule-id> match ip fragment

Configure/remove ACL rule <rule-id> match IP fragment configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip fragment

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/fragment

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Match fragmented packets.

nv show acl rule match ip ecn


nv show acl <acl-id> rule <rule-id> match ip ecn

Show ACL rule <rule-id> match IP ECN configuration.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl b rule 1 match ip ecn
        operational  applied
------  -----------  -------
ip-ect  3            3

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip ecn 


nv set acl <acl-id> rule <rule-id> match ip ecn
nv unset acl <acl-id> rule <rule-id> match ip ecn

Configure/remove ACL rule <rule-id> match IP ECN configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv unset acl custom-acl rule 650 match ip ecn

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip ecn ip-ect 


nv set acl <acl-id> rule <rule-id> match ip ecn ip-ect <ip-ect-num>
nv unset acl <acl-id> rule <rule-id> match ip ecn ip-ect <ip-ect-num>

Configure/remove ACL rule <rule-id> match IP ECN ip-ect configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

ip-ect-num

ip-ect (integer: 0-3)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip ecn ip-ect 0

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn/ip-ect

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip ecn flags


nv set acl <acl-id> rule <rule-id> match ip ecn flags <ecn-flag>
nv unset acl <acl-id> rule <rule-id> match ip ecn flags <ecn-flag>

Configure/remove ACL rule <rule-id> match IP ECN flags configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

ecn-flag

enum: tcp-cwr | tcp-ece

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 650 match ip ecn flags tcp-cwr

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/ecn/flags/<flag-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv show acl rule match ip connection-state


nv show acl <acl-id> rule <rule-id> match ip connection-state

Show ACL rule <rule-id> match IP connection-state configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-whitelist-ipv6 rule 10 match ip connection-state
operational  applied
-----------  -----------
new          new
established  established

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/connection-state

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip connection-state


nv set acl <acl-id> rule <rule-id> match ip connection-state <state-id>
nv unset acl <acl-id> rule <rule-id> match ip connection-state <state-id>

Configure/remove ACL rule <rule-id> match IP connection-state <state-id> configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

state-id 

state-id can be: established, invalid, new, related

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip connection-state new

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/connection-state/<state-id>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

Multiple connection-states can be configured.

nv show acl rule match ip extension-header


nv show acl <acl-id> rule <rule-id> match ip extension-header

Show ACL rule <rule-id> match IP extension-header configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl ACL1 rule 1 match ip extension-header
                        operational                applied
---------------------   -------------------------  ------------------------
type                    hop-by-hop                 hop-by-hop

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/extension-header

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip extension-header type


nv set acl <acl-id> rule <rule-id> match ip extension-header type <hop-by-hop>
nv unset acl <acl-id> rule <rule-id> match ip extension-header type <hop-by-hop>

Configure/remove ACL rule <rule-id> match IP extension-header configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip extension-header type hop-by-hop

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/extension-header/type/<type>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • This configuration is relevant to IPv6 ACLs only.

  • Matches '-m hbh' in ip6tables tool

nv show acl rule match ip routing-header


nv show acl <acl-id> rule <rule-id> match ip routing-header

Show ACL rule <rule-id> match ip routing-header configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl ACL_MGMT_INBOUND_CP_DEFAULT_IPV6 rule 850 match ip routing-header
      operational  applied
----  -----------  -------
type  0            0

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/routing-header

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip routing-header type


nv set acl <acl-id> rule <rule-id> match ip routing-header type <type>
nv unset acl <acl-id> rule <rule-id> match ip routing-header type <type>

Configure/remove ACL rule <rule-id> match ip routing-header configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip routing-header type 0

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/routing-header/type/<type>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • This configuration is relevant to IPv6 ACLs only.

  • Matches '-m rt' in ip6tables tool

nv set/unset acl rule match ip source-ip


nv set acl <acl-id> rule <rule-id> match ip source-ip <ip-format>
nv unset acl <acl-id> rule <rule-id> match ip source-ip <ip-format>

Configure/remove ACL rule <rule-id> match ip source-ip configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

source-ip

(ANY | <ipv4> | <ipv6> | <ipv4-prefix> | <ipv6-prefix> | <ipv4-netmask> | <ipv6-netmask>)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip source-ip 127.0.0.1/8

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/source-ip/<ip-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An IPv4 address cannot be configured on an IPv6 ACL, and vice versa.

nv set/unset acl rule match ip dest-ip


nv set acl <acl-id> rule <rule-id> match ip dest-ip <ip-format>
nv unset acl <acl-id> rule <rule-id> match ip dest-ip <ip-format>

Configure/remove ACL rule <rule-id> match ip dest-ip configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

dest-ip

(ANY | <ipv4> | <ipv6> | <ipv4-prefix> | <ipv6-prefix> | <ipv4-netmask> | <ipv6-netmask>)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip dest-ip 127.0.0.1/8

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/dest-ip/<ip-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An IPv4 address cannot be configured on an IPv6 ACL, and vice versa.

nv set/unset acl rule match ip protocol


nv set acl <acl-id> rule <rule-id> match ip protocol <protocol-format>
nv unset acl <acl-id> rule <rule-id> match ip protocol <protocol-format>

Configure/remove ACL rule <rule-id> match IP protocol configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

protocol-format

(0-255 | tcp | udp | icmp | icmpv6)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip protocol tcp

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/protocol/<protocol-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set/unset acl rule match ip icmp-type


nv set acl <acl-id> rule <rule-id> match ip icmp-type <icmp-format>
nv unset acl <acl-id> rule <rule-id> match ip icmp-type <icmp-format>

Configure/remove ACL rule <rule-id> match IP ICMP-type configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

icmp-format

(0-255 | echo-reply | echo-request | time-exceeded | dest-unreachable | port-unreachable)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip icmp-type echo-reply
admin@nvos:~$ nv set acl custom-acl rule 10 match ip icmp-type 9

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/icmp-type/<icmp-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The protocol must be specified to be ICMP:

    $ nv set acl custom-acl rule 10 match ip protocol icmp
    
  • IPv4 type must be specified for the configured ACL.

nv set/unset acl rule match ip icmpv6-type


nv set acl <acl-id> rule <rule-id> match ip icmpv6-type <icmpv6-format>
nv unset acl <acl-id> rule <rule-id> match ip icmpv6-type <icmpv6-format>

Configure/remove ACL rule <rule-id> match IP ICMPv6-type configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

icmpv6-format

(0-255 | router-solicitation | router-advertisement | neighbor-solicitation | neighbor-advertisement)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip icmpv6-type router-solicitation
admin@nvos:~$ nv set acl custom-acl rule 10 match ip icmpv6-type 9

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/icmpv6-type/<icmpv6-format>

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • The protocol must be specified to be ICMPv6:

    $ nv set acl custom-acl rule 10 match ip protocol icmpv6
    
  • IPv6 type must be specified for the configured ACL.

nv show acl rule match ip recent-list


nv show acl <acl-id> rule <rule-id> match ip recent-list

Show ACL rule <rule-id> match ip recent-list configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-dos rule 120 match ip recent-list
                 operational  applied
---------------  -----------  -------
name             TCP          TCP
update-interval  60           60
hit-count        100          100
action           update       update

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'recent' iptables module.

  • Used to filter IP addresses that exceed a specific rate.
    In the above example, the rate is 100 packets per 60 seconds. If a source IP sends more than this rate, the IP address will be blocked.

nv set/unset acl rule match ip recent-list name


nv set acl <acl-id> rule <rule-id> match ip recent-list name <generic-name>
nv unset acl <acl-id> rule <rule-id> match ip recent-list name <generic-name>

Configure/remove ACL rule <rule-id> match IP recent-list name configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip recent-list name "EXAMPLE"

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • In order to configure recent-list, the user needs to configure action and name for the recent-list:
    For action set: configure name and action=set.
    For action update: configure name and action=update, hit-count and update-interval.

  • There can be multiple recent-lists in the system and each is distinguished by a name.

  • Refer to the documentation of 'recent' in 'iptables' for further information.

nv set/unset acl rule match ip recent-list action


nv set acl <acl-id> rule <rule-id> match ip recent-list action (set | update)
nv unset acl <acl-id> rule <rule-id> match ip recent-list action (set | update)

Configure/remove ACL rule <rule-id> match IP recent-list action configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip recent-list action update

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • In order to configure recent-list, the user needs to configure action and name for the recent-list:
    For action set: configure name and action=set.
    For action update: configure name and action=update, hit-count and update-interval.

  • There can be multiple recent-lists in the system and each is distinguished by a name.

  • Refer to the documentation of 'recent' in 'iptables' for further information.

nv set/unset acl rule match ip recent-list hit-count


nv set acl <acl-id> rule <rule-id> match ip recent-list hit-count (1-4294967295)
nv unset acl <acl-id> rule <rule-id> match ip recent-list hit-count (1-4294967295)

Configure/remove ACL rule <rule-id> match ip recent-list hit-count configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip recent-list hit-count 100

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • In order to configure recent-list, the user needs to configure action and name for the recent-list:
    For action set: configure name and action=set.
    For action update: configure name and action=update, hit-count and update-interval.

  • There can be multiple recent-lists in the system and each is distinguished by a name.

  • Refer to the documentation of 'recent' in 'iptables' for further information.

nv set/unset acl rule match ip recent-list update-interval


nv set acl <acl-id> rule <rule-id> match ip recent-list update-interval (1-4294967295)
nv unset acl <acl-id> rule <rule-id> match ip recent-list update-interval (1-4294967295)

Configure/remove ACL rule <rule-id> match ip recent-list update-interval configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip recent-list update-interval 60

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/recent-list

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • In order to configure recent-list, the user needs to configure action and name for the recent-list:
    For action set: configure name and action=set.
    For action update: configure name and action=update, hit-count and update-interval.

  • There can be multiple recent-lists in the system and each is distinguished by a name.

  • Refer to the documentation of 'recent' in 'iptables' for further information.

nv show acl rule match ip hashlimit


nv show acl <acl-id> rule <rule-id> match ip hashlimit

Show ACL rule <rule-id> match ip hashlimit configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv show acl acl-default-dos rule 600 match ip hashlimit
             operational  applied
-----------  -----------  ----------
name         LOGGING      LOGGING
rate-above   1/min        1/min
burst        5            5
source-mask  32           32
expire       4294967295   4294967295
mode         src-ip       src-ip

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • This is another way to filter IP addresses.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set/unset acl rule match ip hashlimit name


nv set acl <acl-id> rule <rule-id> match ip hashlimit name <generic-name>
nv unset acl <acl-id> rule <rule-id> match ip hashlimit name <generic-name>

Configure/remove ACL rule <rule-id> match IP hashlimit name configurations.

Syntax Description


acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit name "Limiter"

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set/unset acl rule match ip hashlimit rate-above


nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit rate-above <rate-format>

Configure/remove ACL rule <rule-id> match IP hashlimit rate-above configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

rate-format

Rate limit, in the format integer/time-unit, where time-unit is one of [second | min | hour]. The max supported rate is 1000000/second.

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit rate-above 2/min

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set/unset acl rule match ip hashlimit burst


nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit burst <burst-int>

Configure/remove ACL rule <rule-id> match IP hashlimit burst configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

burst-int

integer:1–4294967295

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit burst 5

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set/unset acl rule match ip hashlimit expire


nv [un]set acl <acl-id> rule <rule-id> match ip hashlimit expire <expire-int>

Configure/remove ACL rule <rule-id> match IP hashlimit expire configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

expire-int

integer:1–4294967295

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit expire 3

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set/unset acl rule match ip hashlimit mode


nv set acl <acl-id> rule <rule-id> match ip hashlimit mode <mode>
nv unset acl <acl-id> rule <rule-id> match ip hashlimit mode <mode>

Configure/remove ACL rule <rule-id> match IP hashlimit mode configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mode

(enum:src-ip, dst-ip | string)

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit mode src-ip

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set/unset acl rule match ip hashlimit destination-mask


nv set acl <acl-id> rule <rule-id> match ip hashlimit destination-mask <mask>
nv unset acl <acl-id> rule <rule-id> match ip hashlimit destination-mask <mask>

Configure/remove ACL rule <rule-id> match IP hashlimit destination-mask configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mask

Integer:
IPv4 range: 0–32
IPv6 range: 0–128

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit destination-mask 32

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.

nv set/unset acl rule match ip hashlimit source-mask


nv set acl <acl-id> rule <rule-id> match ip hashlimit source-mask <mask>
nv unset acl <acl-id> rule <rule-id> match ip hashlimit source-mask <mask>

Configure/remove ACL rule <rule-id> match ip hashlimit source-mask configurations.

Syntax Description



acl-id

ACL name

rule-id

Rule number (integer: 1–65535)

mask

Integer:
IPv4 range: 0–32
IPv6 range: 0–128

History

25.02.2002 

Example

admin@nvos:~$ nv set acl custom-acl rule 10 match ip hashlimit source-mask 32

REST API

PATCH/DELETE https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/match/ip/hashlimit

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

  • Matches the 'hashlimit' iptables module.

  • The following properties are required for configuration: name, rate-above, burst, expire, mode.
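The notes for recent-list and hashlimit above state which properties must be configured together. The following Python sketch is an added example, not part of NVOS or of this manual: it checks a planned rule against those requirements and the documented ranges, then returns the matching nv set commands. The function names, the dict layout and the conversion of the rate ceiling to a per-second value are assumptions; the sample values are the ones shown in the show outputs above.

```python
import re
import shlex

U32_MAX = 4294967295                     # upper bound documented for the counters
UNIT_SECONDS = {"second": 1, "min": 60, "hour": 3600}
MAX_RATE_PER_SECOND = 1000000            # "max supported rate is 1000000/second"
MASK_MAX = {"ipv4": 32, "ipv6": 128}     # mask range depends on the ACL type
HASHLIMIT_REQUIRED = ("name", "rate-above", "burst", "expire", "mode")
RECENT_REQUIRED = {
    "set": ("name", "action"),
    "update": ("name", "action", "hit-count", "update-interval"),
}


def _require(cfg, keys, what):
    missing = [k for k in keys if k not in cfg]
    if missing:
        raise ValueError(f"{what}: missing {', '.join(missing)}")


def _in_range(cfg, key, low, high, what):
    value = cfg[key]
    if isinstance(value, bool) or not isinstance(value, int) or not low <= value <= high:
        raise ValueError(f"{what}: {key} must be an integer in {low}-{high}")


def check_rate(rate):
    """Return the rate per second for 'integer/(second|min|hour)', or raise."""
    m = re.fullmatch(r"([0-9]+)/(second|min|hour)", str(rate))
    if not m:
        raise ValueError(f"rate-above {rate!r}: expected integer/(second|min|hour)")
    per_second = int(m.group(1)) / UNIT_SECONDS[m.group(2)]
    # Assumption: the documented ceiling is compared after unit conversion.
    if per_second > MAX_RATE_PER_SECOND:
        raise ValueError(f"rate-above {rate!r}: above {MAX_RATE_PER_SECOND}/second")
    return per_second


def _emit(acl, rule, feature, cfg, order):
    if isinstance(rule, bool) or not isinstance(rule, int) or not 1 <= rule <= 65535:
        raise ValueError("rule-id must be an integer in 1-65535")
    prefix = f"nv set acl {shlex.quote(acl)} rule {rule} match ip {feature}"
    return [f"{prefix} {key} {shlex.quote(str(cfg[key]))}" for key in order if key in cfg]


def recent_list_commands(acl, rule, cfg):
    """Validate a recent-list match and return its nv set commands."""
    action = cfg.get("action")
    if action not in RECENT_REQUIRED:
        raise ValueError("recent-list: action must be 'set' or 'update'")
    _require(cfg, RECENT_REQUIRED[action], f"recent-list action={action}")
    for key in ("hit-count", "update-interval"):
        if key in cfg:
            _in_range(cfg, key, 1, U32_MAX, "recent-list")
    order = ("name", "action", "hit-count", "update-interval")
    return _emit(acl, rule, "recent-list", cfg, order)


def hashlimit_commands(acl, rule, acl_type, cfg):
    """Validate a hashlimit match for an ipv4/ipv6 ACL and return its commands."""
    if acl_type not in MASK_MAX:
        raise ValueError("acl_type must be 'ipv4' or 'ipv6'")
    _require(cfg, HASHLIMIT_REQUIRED, "hashlimit")
    check_rate(cfg["rate-above"])
    for key in ("burst", "expire"):
        _in_range(cfg, key, 1, U32_MAX, "hashlimit")
    for key in ("source-mask", "destination-mask"):
        if key in cfg:
            _in_range(cfg, key, 0, MASK_MAX[acl_type], f"hashlimit ({acl_type})")
    order = HASHLIMIT_REQUIRED + ("source-mask", "destination-mask")
    return _emit(acl, rule, "hashlimit", cfg, order)


if __name__ == "__main__":
    # Values taken from the 'nv show' outputs in this section.
    recent = {"name": "TCP", "action": "update", "hit-count": 100, "update-interval": 60}
    limiter = {"name": "LOGGING", "rate-above": "1/min", "burst": 5,
               "expire": 4294967295, "mode": "src-ip", "source-mask": 32}
    for line in recent_list_commands("custom-acl", 10, recent):
        print(line)
    for line in hashlimit_commands("custom-acl", 20, "ipv4", limiter):
        print(line)
```
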

nv show interface acl


nv show interface <iface-id> acl

Display the ACL bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface eth0 acl
ACL Name                    Rule ID  In Packets  In Bytes  Out Packets  Out Bytes
------------------------    -------  -----------  -------   ----------  ---------
acl-default-dos             10       0           0 Bytes
                            20       260         20.45 KB
                            30       0           0 Bytes
                            40       0           0 Bytes
                            50       0           0 Bytes
acl-default-dos-ipv6        10       0           0 Bytes
                            20       0           0 Bytes
                            30       0           0 Bytes
                            40       0           0 Bytes
acl-default-outbound        10                             0            0 Bytes
                            20                             295          32.96 KB
acl-default-outbound-ipv6   10                             0            0 Bytes
                            20                             0            0 Bytes
acl-default-whitelist       10       0           0 Bytes
                            20       0           0 Bytes
                            30       1083        82.80 KB
acl-default-whitelist-ipv6  10       0           0 Bytes
                            20       0           0 Bytes
                            30       0           0 Bytes

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv show interface lo acl


nv show interface lo acl

Display the ACL bound to the loopback interface.

Syntax Description

N/A

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface lo acl

ACL Name                      Rule ID       In Packets     In Bytes     Out Packets     Out Bytes
------------------------      --------     -----------     ---------    ------------       ----------
acl-default-loopback          10               0           0 Bytes           
acl-default-loopback-ipv6     10               0           0 Bytes           


REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv show interface acl id


nv show interface <iface-id> acl <acl-id>

Display the given acl-id bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface eth0 acl acl-default-whitelist
Statistics
===============
Rule  In Packet   In Byte     Out Packet  Out Byte     Action               Match
----  ----------   --------   ----------  ---------    -------------------- ----------------------------
10    0           0 Bytes                              permit               ip
                                                                               udp
                                                                                 dest-port       : 161
                                                                               connection-state
                                                                                 new             : False
                                                                                 established     : False
                                                                               protocol          : udp

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv show interface acl statistics


nv show interface <iface-id> acl <acl-id> statistics 

Display the given acl-id statistics bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface eth0 acl acl-default-whitelist statistics
Rule  In Packet   In Byte       Out Packet  Out Byte     Action                Match
----  ----------   --------     ----------  ---------    -------------------   ----------------------------
10    0           0 Bytes                                permit                ip
                                                                                  udp
                                                                                    dest-port       : 161
                                                                                  connection-state
                                                                                    new             : False
                                                                                    established     : False
                                                                                  protocol          : udp

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/statistics

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv show interface acl statistics id


nv show interface <iface-id> acl <acl-id> statistics <rule-id>

Display the statistics of the given rule-id in the given acl-id bound to the interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface eth0 acl acl-default-whitelist statistics 10
                        operational  applied
----------------------  -----------  -------
match
  ip
    protocol            udp
    udp
      [dest-port]       161
    [connection-state]  new
    [connection-state]  established
action                  permit
inbound
  packet                0
  byte                  0 Bytes

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/statistics/{rule-id}

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv show interface acl outbound


nv show interface <iface-id> acl <acl-id> outbound

Display the given acl-id bound to the interface in the outbound direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface eth0 acl acl-default-whitelist outbound

Statistics
===============
Rule  Out Packet   Out Byte        Action              Match
----  ----------  ---------------  ------------------- ----------------------------
10    0           0 Bytes           permit             ip
                                                         udp
                                                           dest-port       : 161
                                                         connection-state
                                                           new             : False
                                                           established     : False
                                                         protocol          : udp
20    0           0 Bytes           permit             ip
                                                         tcp
                                                           dest-port       : 443
                                                         connection-state
                                                           new             : False
                                                           established     : False
                                                         protocol          : tcp

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured on one direction and not the other, it will be shown in the parent show (nv show interface <iface> acl <acl-id>) and not in the show of the direction it is not configured on.

nv show interface acl outbound control-plane


nv show interface <iface-id> acl <acl-id> outbound control-plane

Display the given acl-id bound to the interface in the outbound control-plane direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface eth0 acl acl-default-outbound outbound control-plane
Statistics
===============
Rule  Out Packet   Out Byte        Action                                        Match
----  ---------   --------          ------------------------------------------    -----------------------------
10    0           0 Bytes           deny                                          ip
                                                                                    connection-state
                                                                                      invalid         : False
20    47          4824 Bytes        permit

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured on one direction and not the other, it will be shown in the parent show (nv show interface <iface> acl <acl-id>) and not in the show of the direction it is not configured on.

nv show interface acl inbound 


nv show interface <iface-id> acl <acl-id> inbound

Display the given acl-id bound to the interface in the inbound direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface eth0 acl acl-default-whitelist inbound
Statistics
===============
Rule  In Packet   In Byte           Action                                        Match
----  ----------   --------         ---------------------------------------       ----------------------------
10    0           0 Bytes           permit                                        ip
                                                                                    udp
                                                                                      dest-port       : 161
                                                                                    connection-state
                                                                                      new             : False
                                                                                      established     : False
                                                                                    protocol          : udp

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured on one direction and not the other, it will be shown in the parent show (nv show interface <iface> acl <acl-id>) and not in the show of the direction it is not configured on.

nv show interface acl inbound control-plane


nv show interface <iface-id> acl <acl-id> inbound control-plane

Display the given acl-id bound to the control-plane in the inbound direction.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 


25.02.70xx

Updated output

Example

admin@nvos:~$ nv show interface eth0 acl acl-default-whitelist inbound control-plane
Statistics
===============
Rule  In Packet   In Byte           Action                                        Match
----  ---------   --------          ------------------------------------------    -----------------------------
10    0           0 Bytes           permit                                        ip
                                                                                    udp
                                                                                      dest-port       : 161
                                                                                    connection-state
                                                                                      new             : False
                                                                                      established     : False
                                                                                    protocol          : udp

REST API

GET https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

If an ACL is configured on one direction and not the other, it will be shown in the parent show (nv show interface <iface> acl <acl-id>) and not in the show of the direction it is not configured on.

nv set/unset interface acl inbound


nv set interface <iface-id> acl <acl-id> inbound
nv unset interface <iface-id> acl <acl-id> inbound

Configure/remove the binding of the given ACL on the specified interface.

Syntax Description


iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.2002 

Example

admin@nvos:~$ nv set interface eth0 acl ACL1 inbound

REST API

PATCH/DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An ACL cannot be bound to both inbound and inbound control-plane, or to both outbound and outbound control-plane, on the same interface.

nv set/unset interface acl inbound control-plane


nv set interface <iface-id> acl <acl-id> inbound control-plane
nv unset interface <iface-id> acl <acl-id> inbound control-plane

Configure the binding of the given ACL on the specified interface.
The unset form of the command removes the binding of the given ACL on the specified interface.

Syntax Description


iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.2002 


25.02.70xx

Updated syntax

Example

admin@nvos:~$ nv set interface eth0 acl acl-default-dos inbound control-plane
admin@nvos:~$ nv unset interface eth0 acl acl-default-whitelist inbound control-plane

REST API

PATCH https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound/control-plane
DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/inbound/control-plane


Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An ACL cannot be applied to both inbound and inbound control-plane, or to both outbound and outbound control-plane, on the same interface. Resetting the firewall rules to their default settings on the interface restores normal behavior.

nv set/unset interface acl outbound control-plane


nv set interface <iface-id> acl <acl-id> outbound control-plane
nv unset interface <iface-id> acl <acl-id> outbound control-plane

Configure the binding of the given ACL on the specified interface.
The unset form of the command removes the binding of the given ACL on the specified interface.

Syntax Description


iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.2002 

Example

admin@nvos:~$ nv set interface eth0 acl acl-default-outbound outbound control-plane
admin@nvos:~$ nv unset interface eth0 acl acl-default-outbound outbound control-plane

REST API

PATCH https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound/control-plane
DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound/control-plane

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An ACL cannot be bound to both inbound and inbound control-plane, or to both outbound and outbound control-plane, on the same interface.

nv set/unset interface acl outbound 


nv set interface <iface-id> acl <acl-id> outbound
nv unset interface <iface-id> acl <acl-id> outbound

Configure/remove the binding of the given ACL on the specified interface.

Syntax Description


iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL name

History

25.02.2002 

Example

admin@nvos:~$ nv set interface eth0 acl acl-default-outbound outbound
admin@nvos:~$ nv unset interface eth0 acl acl-default-outbound outbound

REST API

PATCH/DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}/outbound

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes

An ACL cannot be bound to both inbound and inbound control-plane, or to both outbound and outbound control-plane, on the same interface.
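The binding restriction in the notes above can be checked before a change plan is applied. The following is an added example, not part of the NVOS manual or of NVUE: the function name, the tuple layout and the command list are assumptions made for illustration, and the check only replays the command text offline without contacting a switch.

```python
import re

# Interface names the manual lists for these commands.
VALID_IFACES = {"eth0", "loopback"}

BIND = re.compile(
    r"nv\s+(set|unset)\s+interface\s+(\S+)\s+acl\s+(\S+)"
    r"\s+(inbound|outbound)(\s+control-plane)?\s*$"
)

def binding_conflicts(commands, existing=()):
    """Replay binding commands in order; return [(line_no, reason), ...].

    `existing` holds bindings already on the switch as
    (iface, acl, direction, is_control_plane) tuples (hypothetical layout).
    """
    bound = set(existing)
    problems = []
    for n, cmd in enumerate(commands, 1):
        m = BIND.search(cmd)
        if not m:
            continue  # not a directional ACL binding command
        verb, iface, acl, direction, cp = m.groups()
        key = (iface, acl, direction, bool(cp))
        sibling = (iface, acl, direction, not cp)  # same direction, other binding kind
        if iface not in VALID_IFACES:
            problems.append((n, f"unknown interface {iface!r}"))
        elif verb == "unset":
            bound.discard(key)
        elif sibling in bound:
            other = direction + ("" if cp else " control-plane")
            problems.append((n, f"{acl} is already bound {other} on {iface}"))
        else:
            bound.add(key)
    return problems

# Constructed change plan, not taken from the manual.
PLAN = [
    "nv set interface eth0 acl ACL1 inbound",
    "nv set interface eth0 acl ACL1 inbound control-plane",   # conflicts with line 1
    "nv set interface eth0 acl ACL1 outbound control-plane",  # other direction: fine
    "nv unset interface eth0 acl ACL1 inbound",
    "nv set interface eth0 acl ACL1 inbound control-plane",   # fine after the unset
    "nv set interface eth1 acl ACL1 inbound",                 # not eth0 or loopback
    "nv set interface loopback acl ACL1 outbound",            # other interface: fine
]

if __name__ == "__main__":
    for line_no, reason in binding_conflicts(PLAN):
        print(f"line {line_no}: {reason}")
```
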

nv set/unset interface acl


nv set interface <iface-id> acl                              
nv unset interface <iface-id> acl

Set the ACL configurations for the particular interface.
Unset the ACL configurations for the particular interface.

Syntax Description

iface-id

Interface could be one of 'eth0' or 'loopback'

History

25.02.2002 

Example

admin@nvos:~$ nv set interface eth0 acl
admin@nvos:~$ nv unset interface eth0 acl

REST API

PATCH https://<ip>/nvue_v1/interface/{interface-id}/acl
DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl

Related Commands


Notes

Unsetting an interface ACL (at any level) should not restore the default binding; it should behave as a standard unset operation. Setting or unsetting rules on an interface works just like standard NVUE behavior.

nv set/unset interface acl id


nv set interface <iface-id> acl <acl-id>
nv unset interface <iface-id> acl <acl-id>

Set the ACL configurations for the particular interface acl-id.
Unset the ACL configurations for the particular interface acl-id.

Syntax Description


iface-id

Interface could be one of 'eth0' or 'loopback'

acl-id

ACL Name

History

25.02.2002 


25.02.70xx

Updated ACL names

Example

admin@nvos:~$ nv set interface eth0 acl acl-default-dos
admin@nvos:~$ nv unset interface eth0 acl acl-default-whitelist

REST API

PATCH https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}
DELETE https://<ip>/nvue_v1/interface/{interface-id}/acl/{acl-id}

Related Commands


Notes

Unsetting an interface ACL (at any level) should not restore the default binding; it should behave as a standard unset operation. Setting or unsetting rules on an interface works just like standard NVUE behavior.

nv set/unset interface


nv set interface                            
nv unset interface

Set the interface configurations.
Unset the interface configurations.

Syntax Description

N/A

History

25.02.2002 

Example

admin@nvos:~$ nv set interface
admin@nvos:~$ nv unset interface

REST API

PATCH https://<ip>/nvue_v1/interface
DELETE https://<ip>/nvue_v1/interface

Related Commands


Notes

Unsetting an interface ACL (at any level) should not restore the default binding; it should behave as a standard unset operation. Setting or unsetting rules on an interface works just like standard NVUE behavior.

nv action clear acl counters


nv action clear acl counters

Clear the ACL counters in the show command.

Syntax Description

N/A

History

25.02.2002 

Example

admin@nvos:~$ nv action clear acl counters

REST API

POST https://<ip>/nvue_v1/acl

Related Commands

nv set acl <acl-id> rule <rule-id>

Notes


nv set acl rule action set dscp


nv set acl <acl-id> rule <rule-id> action set dscp <dscp-value>

Set DSCP value for packets.

Syntax Description



acl-id

ACL ID to manipulate

rule-id

Rule to configure dscp

dscp-value

Either an enum or an integer.
Enums supported:

  • af11
  • af12
  • af13
  • af21
  • af22
  • af23
  • af31
  • af32
  • af33
  • af41
  • af42
  • af43
  • cs1
  • cs2
  • cs3
  • cs4
  • cs5
  • cs6
  • cs7
  • be
  • ef

Or an integer in the range [0,63]

History

25.02.4002

Example

admin@nvos:~$ nv set acl ACL1 rule 10 action set dscp ef

REST API

PATCH https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/set

Related Commands

nv show acl rule action

Notes

Supported only for the management interface.
Configurable only in inbound and outbound directions!

nv set/unset system control-plane acl


nv set system control-plane acl <acl-id> <outbound | inbound>
nv unset system control-plane acl <acl-id>

Binds ACL to the system control-plane and sets its direction.
The unset form of the command unbinds a specific system control-plane ACL. If no particular ACL ID is specified, the command will unbind all system control-plane ACLs.

Syntax Description



acl-id

ACL ID

inbound

Binds in inbound direction 

outbound

Binds in outbound direction

History

25.02.70xx

Example

admin@nvos:~$ nv set system control-plane acl acl-default-whitelist-ipv6 inbound
admin@nvos:~$ nv unset system control-plane acl acl_1
admin@nvos:~$ nv unset system control-plane acl

REST API

PATCH https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}

Related Commands

nv show system control-plane acl

Notes


nv show system control-plane acl


nv show system control-plane acl

Show system control-plane ACL configuration.

Syntax Description

N/A

History

25.02.70xx

Example

admin@nvos:~$ nv show system control-plane acl
    ACL Name                    Rule ID  In Packets  In Bytes    Out Packets  Out Bytes
    --------------------------  -------  ----------  ----------  -----------  ---------
    acl-default-dos             10       3819        236.91 KB
                                20       1218        64.07 KB
                                30       0           0 Bytes
    acl-default-dos-ipv6        10       0           0 Bytes
                                20       0           0 Bytes
                                30       0           0 Bytes
                                40       0           0 Bytes
    acl-default-outbound        10                               0            0 Bytes
                                20                               295          32.96 KB
    acl-default-outbound-ipv6   10                               0            0 Bytes
                                20                               0            0 Bytes
    acl-default-whitelist       10       0           0 Bytes
                                20       0           0 Bytes
                                30       1083        82.80 KB
    acl-default-whitelist-ipv6  10       0           0 Bytes
                                20       0           0 Bytes
                                30       0           0 Bytes

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl

Related Commands

nv set system control-plane acl
nv show system control-plane

Notes
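The counter table shown in the example above leaves the ACL name blank on continuation rows and fills only the inbound or the outbound columns, so it needs a column-aware parser before it can be audited. The following is an added example, not part of the NVOS manual: the function names are assumptions, the sample is a constructed excerpt in the same six-column layout, and zero-hit rules are counted since the last `nv action clear acl counters`.

```python
import re

# Constructed sample: a shortened copy of the table layout shown in the manual's example.
SAMPLE = """\
    ACL Name                    Rule ID  In Packets  In Bytes    Out Packets  Out Bytes
    --------------------------  -------  ----------  ----------  -----------  ---------
    acl-default-dos             10       3819        236.91 KB
                                20       1218        64.07 KB
                                30       0           0 Bytes
    acl-default-outbound        10                               0            0 Bytes
                                20                               295          32.96 KB
    acl-default-whitelist       10       0           0 Bytes
                                30       1083        82.80 KB
"""

CELL = re.compile(r"\S+(?: \S+)*")  # cells are separated by two or more spaces

def parse_acl_counters(text):
    """Return one dict per rule and bound direction (assumes the six columns above)."""
    lines = text.splitlines()
    # The dashed ruler under the header gives the start offset of every column.
    ruler = next(i for i, l in enumerate(lines) if l.strip() and set(l) <= {"-", " "})
    starts = [m.start() for m in re.finditer(r"-+", lines[ruler])]
    rows, acl = [], None
    for line in lines[ruler + 1:]:
        cells = [""] * len(starts)
        for m in CELL.finditer(line):
            # Assign each cell to the column whose start offset is closest.
            col = min(range(len(starts)), key=lambda i: abs(starts[i] - m.start()))
            cells[col] = m.group()
        name, rule, in_pkt, in_bytes, out_pkt, out_bytes = cells
        if not rule:
            continue  # blank or non-data line
        acl = name or acl  # continuation rows inherit the ACL name above them
        for direction, pkts, size in (("inbound", in_pkt, in_bytes),
                                      ("outbound", out_pkt, out_bytes)):
            if pkts:
                rows.append({"acl": acl, "rule": int(rule), "direction": direction,
                             "packets": int(pkts), "bytes": size})
    return rows

def zero_hit_rules(rows):
    """Rules that matched no packets: candidates for review as unused or shadowed."""
    return [(r["acl"], r["rule"], r["direction"]) for r in rows if r["packets"] == 0]

def packets_by_acl(rows):
    """Total matched packets per ACL, summed over its rules."""
    totals = {}
    for r in rows:
        totals[r["acl"]] = totals.get(r["acl"], 0) + r["packets"]
    return totals

if __name__ == "__main__":
    parsed = parse_acl_counters(SAMPLE)
    print(zero_hit_rules(parsed))
    print(packets_by_acl(parsed))
```
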


nv show system control-plane


nv show system control-plane

Show system control-plane configuration.

Syntax Description

N/A

History

25.02.70xx

Example

admin@nvos:~$ nv show system control-plane
acl
======
    ACL Name                    Rule ID  In Packets  In Bytes    Out Packets  Out Bytes
    --------------------------  -------  ----------  ----------  -----------  ---------
    acl-default-dos             10       3819        236.91 KB
                                20       1218        64.07 KB
                                30       0           0 Bytes
    acl-default-dos-ipv6        10       0           0 Bytes
                                20       0           0 Bytes
                                30       0           0 Bytes
                                40       0           0 Bytes
    acl-default-outbound        10                               0            0 Bytes
                                20                               295          32.96 KB
    acl-default-outbound-ipv6   10                               0            0 Bytes
                                20                               0            0 Bytes
    acl-default-whitelist       10       0           0 Bytes
                                20       0           0 Bytes
                                30       1083        82.80 KB
    acl-default-whitelist-ipv6  10       0           0 Bytes
                                20       0           0 Bytes
                                30       0           0 Bytes

REST API

GET https://<ip>/nvue_v1/system/control-plane/

Related Commands

nv show system control-plane acl

Notes


nv show system control-plane acl id


nv show system control-plane acl <acl-id>

Show system control-plane ACL identification.

Syntax Description

acl-id

ACL ID

History

25.02.70xx

Example

admin@nvos:~$ nv show system control-plane acl acl-default-whitelist-ipv6
Statistics
===============
Rule  In Packet   In Byte          Out Packet  Out Byte         Action                                        Match
----  ----------  ---------------  ----------  ---------------  --------------------------------------------  ----------------------------
10    0           0 Bytes                                       permit                                        ip
                                                                                                                 udp
                                                                                                                   dest-port       : 161
                                                                                                                 connection-state
                                                                                                                   new             : False
                                                                                                                   established     : False
                                                                                                                 protocol          : udp
20    0           0 Bytes                                       permit                                        ip

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}

Related Commands

nv set system control-plane acl
nv show system control-plane acl

Notes


nv show system control-plane acl statistics


nv show system control-plane acl <acl-id> statistics

Show system control-plane ACL statistics configuration.

Syntax Description

N/A


History

25.02.70xx

Example

admin@nvos:~$ nv show system control-plane acl acl-default-whitelist-ipv6 statistics
Rule  In Packet   In Byte          Out Packet  Out Byte         Action                                        Match
----  ----------  ---------------  ----------  ---------------  --------------------------------------------  ----------------------------
10    0           0 Bytes                                       permit                                        ip
                                                                                                                 udp
                                                                                                                   dest-port       : 161
                                                                                                                 connection-state
                                                                                                                   new             : False
                                                                                                                   established     : False
                                                                                                                 protocol          : udp

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}/statistics

Related Commands


Notes


nv show system control-plane acl id statistics


nv show system control-plane acl <acl-id> statistics <rule-id>

Show system control-plane ACL statistics for the given rule-id.

Syntax Description

acl-id

ACL ID

rule-id

Rule number (integer: 1–65535)

History

25.02.70xx

Example

admin@nvos:~$ nv show interface eth0 acl acl-default-whitelist statistics 10
                        operational  applied
----------------------  -----------  -------
match
  ip
    protocol            udp
    udp
      [dest-port]       161
    [connection-state]  new
    [connection-state]  established
action                  permit
inbound
  packet                0
  byte                  0 Bytes

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}/statistics/{rule-id}

Related Commands


Notes


nv show system control-plane acl inbound


nv show system control-plane acl <acl-id> inbound

Show system control-plane ACL ID inbound direction details.

Syntax Description

acl-id

ACL ID

History

25.02.70xx

Example

admin@nvos:~$ nv show system control-plane acl acl-default-whitelist-ipv6 inbound
Statistics
===============
Rule  In Packet   In Byte           Action                                        Match
----  ----------  ----------------  --------------------------------------------  ----------------------------
10    0           0 Bytes           permit                                        ip
                                                                                    udp
                                                                                      dest-port       : 161
                                                                                    connection-state
                                                                                      new             : False
                                                                                      established     : False
                                                                                    protocol          : udp

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}/inbound

Related Commands


Notes

If an ACL is configured in one direction but not the other, it will appear in the parent show command (nv show interface acl) and not in the show command for the direction where it is not configured.

nv show system control-plane acl outbound


nv show system control-plane acl <acl-id> outbound

Show system control-plane ACL ID outbound direction details.

Syntax Description

N/A

History

25.02.70xx

Example

admin@nvos:~$ nv show system control-plane acl acl-default-outbound outbound
Statistics
===============
Rule  Out Packet   Out Byte        Action                                        Match
----  ----------  ---------------  --------------------------------------------  ----------------------------
10    33          1716 Bytes        deny                                          ip
                                                                                    connection-state
                                                                                      invalid         : False
20    3876        237065 Bytes      permit

REST API

GET https://<ip>/nvue_v1/system/control-plane/acl/{acl-id}/outbound

Related Commands


Notes

If an ACL is configured in one direction but not the other, it will appear in the parent show command (nv show interface acl) and not in the show command for the direction where it is not configured.

nv set/unset acl rule action recent


nv set acl <acl-id> rule <rule-id> action recent
nv unset acl <acl-id> rule <rule-id> action

Set ACL rule action recent.
The unset form of the command removes ACL rule action recent.

Syntax Description


acl-id

ACL ID

rule-id

Rule number (integer: 1–65535)

History

25.02.70xx

Example

admin@nvos:~$ nv set acl acl_2 rule 1 action recent

REST API

GET https://<ip>/nvue_v1/acl/{acl-id}/rule/{rule-id}/action/recent

Related Commands


Notes

Only one action can be specified per rule. Any rule that matches the specified criteria will be accepted by the system. If a rule has no action defined, the default action will be "permit." If "match.ip.recent-list.action" is set, the default action is "recent." There is also the option to explicitly set the action to "recent" when "match.ip.recent-list" is configured.
