SAP Parameter ACL-Syntax - Syntax of ACL file

Parameter
ACL Syntax
Syntax of the ACL File
Lines in the ACL file (access control list) must have the following syntax:
  <permit|deny> <ip-address[/mask]> [tracelevel] [# comment]
Where

  • permit permits a connection, and deny denies a connection.

  • <IP address>: The IP address must be an IPv4 or IPv6 address in
    the following form:
      IPv4: 4 byte, decimal, '.' separated: e.g. 10.11.12.13
      IPv6: 16 byte, hexadecimal, ':' separated. '::' is supported

  • <mask>: If a mask is specified, it must be a subnetwork prefix
    mask:
      IPv4: 0-32
      IPv6: 0-128

  • <tracelevel>: Trace level, with which ACL hits (matches of
    addresses based on the subnetwork mask) are written to the relevant
    trace file (default value 2).

  • <# comment>: Comment lines begin with a hash sign "#".

  • The file can contain blank lines.

  • As the last rule a general ban is inserted automatically. To make it
    obvious, an explicit "deny" should be entered anyway as the last rule.

  • The rules are checked sequentially from the top down.

  • The first relevant rule determines the result ("first match").

Example of a file

    permit 10.1.2.0/24 # permit client network
    permit 192.168.7.0/24 # permit server network
    permit 10.0.0.0/8 1 # screening rule
    # (learning mode, trace level 1)
    permit 2001:db8::1428:57ab # permit IPv6 host
    deny 0.0.0.0/0 # deny the rest
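
The following Python sketch is an added example, not SAP code: it parses the syntax above, applies the first-match rule with the automatic final deny, and flags rules that an earlier, broader rule makes unreachable. The function names, the MISORDERED sample, matching only within the same address family, and returning no trace level for the automatic deny are assumptions of this example.

```python
import ipaddress

DEFAULT_TRACE = 2  # default trace level stated on the page

def parse_acl(text):
    """Return a list of (action, network, tracelevel, lineno) rules."""
    rules = []
    for lineno, raw in enumerate(text.splitlines(), 1):
        fields = raw.split("#", 1)[0].split()      # strip comment, tokenize
        if not fields:
            continue                               # blank or comment-only line
        if fields[0] not in ("permit", "deny") or len(fields) not in (2, 3):
            raise ValueError(f"line {lineno}: bad syntax: {raw!r}")
        mask = fields[1].partition("/")[2]
        if "/" in fields[1] and not mask.isdigit():
            raise ValueError(f"line {lineno}: mask must be a prefix length")
        # strict=False tolerates host bits in the address (assumption)
        net = ipaddress.ip_network(fields[1], strict=False)
        trace = int(fields[2]) if len(fields) == 3 else DEFAULT_TRACE
        rules.append((fields[0], net, trace, lineno))
    return rules

def evaluate(rules, client):
    """First match wins; fall through to the automatic final deny."""
    addr = ipaddress.ip_address(client)
    for action, net, trace, lineno in rules:
        if addr.version == net.version and addr in net:
            return action, trace, lineno
    return "deny", None, None                      # implicit last rule

def shadowed(rules):
    """Rules that can never match because an earlier rule covers them."""
    hits = []
    for i, (_, net, _, lineno) in enumerate(rules):
        for _, earlier, _, earlier_line in rules[:i]:
            if net.version == earlier.version and net.subnet_of(earlier):
                hits.append((lineno, earlier_line))
                break
    return hits

# The example file from the page
PAGE_ACL = """\
permit 10.1.2.0/24 # permit client network
permit 192.168.7.0/24 # permit server network
permit 10.0.0.0/8 1 # screening rule
# (learning mode, trace level 1)
permit 2001:db8::1428:57ab # permit IPv6 host
deny 0.0.0.0/0 # deny the rest
"""
# Constructed misordering: the broad permit hides the deny below it
MISORDERED = "permit 10.0.0.0/8\ndeny 10.1.2.0/24\n"
```

In this model an IPv6 client that is not the listed host is rejected by the automatic final deny rather than by the explicit `deny 0.0.0.0/0`, which covers IPv4 only.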