SAP Parameter ACL-Syntax - Syntax of ACL file

ACL Syntax
Syntax of the ACL File
Lines in the ACL file (access control list) must have the followingsyntax:
<(><<)>permit|deny> <(><<)>ip-address[/mask]> [tracelevel] [# comment]

  • permit permits a connection, and deny denies a connection.

  • <(><<)>IP address>. The IP address must be an IPv4 or IPv6 address in
  • the following form:
    IPv4: 4 byte, decimal, '.' separated: e.g.
    IPv6: 16 byte, hexadecimal, ':' separated. '::' is supported
    • <(><<)>mask> If a mask is specified, it must be a subnetwork prefix
    • mask:
      IPv4: 0-32
      IPv6: 0-128
      • <(><<)>tracelevel> Trace level, with which ACL hits (matches of
      • addresses based on the subnetwork mask) are written to the relevanttrace file (default value 2).
        • <(><<)># comment> Comment lines begin with a hash sign "#".

        • The file can contain blank lines.

        • As the last rule a general ban is inserted automatically. To make it
        • obvious, an explicit "deny" should be entered anyway as the last rule.
          • The rules are checked sequentially from the top down.

          • The first relevant rule determines the result ("first match").

          • Example of a file
            permit # permit client network
            permit # permit server network
            permit 1 # screening rule
            # (learning mode, trace level 1)
            permit 2001:db8::1428:57ab # permit IPv6 host
            deny # deny the rest