# Access Control List

# URL

frinx-openconfig-acl:acl/acl-sets/acl-set=,

# OPENCONFIG YANG

{
    "acl-set": [
        {
            "name": "",
            "type": "",
            "config": {
            	"name": "",
            	"type": "",
		"frinx-acl-extension:default-fwd-action": "",
		"frinx-acl-extension:enabled": false
            },
            "acl-entries": {
                "acl-entry": [
                    {
                        "sequence-id": "",
                        "config": {
                            "sequence-id": "",
                            "frinx-acl-extension:term-name": ""
                        },
                        "frinx-acl-extension:precedence": "",
                        "ipv4|ipv6": {
                            "config": {
                            	"protocol": ,
                            	"source-address": "",
                            	"destination-address": "",
                            	"frinx-acl-extension:hop-range": "..",
				"frinx-acl-extension:source-address-wildcarded": {
                                    "wildcard-mask": "",
                                    "address": ""
                                },
				"frinx-acl-extension:destination-address-wildcarded": {
                                    "wildcard-mask": "",
                                    "address": ""
                                }
                            }
                        },
                        "icmp": {
                            "config": {
                            	"msg-type": " | ANY"
                            }
                        },
                        "transport": {
                            "config": {
                            	"source-port": "",
                            	"destination-port": "",
				"frinx-acl-extension:source-port-named": "",
				"frinx-acl-extension:destination-port-named": "",
				"frinx-acl-extension:established":  //true or false
                            }
                        },
                        "frinx-acl-extension:option": ""|,
                        "actions": {
                            "config": {
                                "forwarding-action": "",
                                "frinx-acl-extension:instance-name": "",
                                "log-action": ""
                            }
                        }
                    }
                ]
            }
        }
    ]
}

# OS Configuration Commands

# Cisco IOS Classic

# CLI

ipv4|ipv6 access-list  
	    {eq|neq|range  }   {eq|neq|range  }  ttl range    precedence  option |

*ipv4|ipv6* is a conversion of the acl-set `type`
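The *eq|neq|range* clause after the source address is a conversion of `source-port` or `frinx-acl-extension:source-port-named`; the operation is selected by the entered port range
The *eq|neq|range* clause after the destination address is a conversion of `destination-port` or `frinx-acl-extension:destination-port-named`; the operation is selected by the entered port range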
The ACL option (`frinx-acl-extension:option`) can be given either as a named value from the options enumeration or as a number in the range 0-255
*established* is a conversion of `frinx-acl-extension:established`: when true, the value is "established"; when false, the value is empty ("")

# Examples
ipv4 access-list test123
	2 permit 4.4.4.4/32 7.7.7.7/32
ipv4 access-list test123
	3 permit tcp 1.1.1.1/32 range 1024 65535 2.2.2.2/32 range 0 1023
ipv4 access-list test123
	5 deny icmp 1.1.1.1/32 2.2.2.2/32 8 ttl range 0 10

# Cisco IOS XR 5.3.4

# CLI

ipv4|ipv6 access-list  
	    {range  }   {range  }  ttl range  

*ipv4|ipv6* is a conversion of the acl-set `type`

# Examples
ipv4 access-list test123
	2 permit 4.4.4.4/32 7.7.7.7/32
ipv4 access-list test123
	3 permit tcp 1.1.1.1/32 range 1024 65535 2.2.2.2/32 range 0 1023
ipv4 access-list test123
	5 deny icmp 1.1.1.1/32 2.2.2.2/32 8 ttl range 0 10
# Unit

Link to github : xr-unit

# Cisco IOS XR 6.6.2

# CLI

ipv4|ipv6 access-list  
        {range  }   {range  }

*ipv4|ipv6* is a conversion of the acl-set `type`

# Examples
ipv4 access-list test123
  10 deny ipv4 10.0.0.0/8 any
  20 deny ipv4 any 172.16.0.0/12
  30 permit ipv4 any any
ipv6 access-list test123
  10 permit icmpv6 any any
  20 deny ipv6 ::/8 any
  30 permit ipv6 any any
# Unit

Link to github : xr-unit

# Cisco IOS XE 15.4(2)S

# CLI

ip access-list extended 
	    {range  }   {range  } 
ipv6 access-list 
	    {range  }   {range  } sequence 

*established* is a conversion of `frinx-acl-extension:established`: when true, the value is "established"; when false, the value is empty ("")

# Examples
ip access-list extended TEST1
    3 permit tcp host 1.1.1.1 eq 1024 host 2.2.2.2 eq 0
    10 deny ip any any
ipv6 access-list TEST2
    deny icmp any any sequence 10
    deny ipv6 any 2400:2000:3::/48 sequence 20
    deny udp host 10:11:12::2 any sequence 2
# Unit

Link to github : xe-unit

# Junos 14.1X53-D40.8

# CLI

set firewall family inet filter  term  from source-address 
set firewall family inet filter  term  from protocol 
set firewall family inet filter  term  from destination-port 
set firewall family inet filter  term  then 
set firewall family inet filter  term  then routing-instance 
# Unit

Link to github : junos-unit

# Ciena SAOS 6.14

# CLI

access-list create acl-profile  default-filter-action 
access-list disable profile 
access-list add profile  rule  precedence  filter-action  any

The filter action is a conversion of the OpenConfig forwarding action: ACCEPT = allow, DROP = deny.
*access-list disable profile* is a conversion of `frinx-acl-extension:enabled` set to false. The default value is true.

# Unit

Link to github : [saos-unit]