I have a query about the ACL below.
IP access-list Extended Newyear
10 permit tcp 10.125.31.0 0.0.0.63 eq 445 host 188.8.131.52
I have only seen the port number written at the end, followed by the host.
What is the meaning of this syntax?
The ACL simply states it will permit a connection when the source connection uses port TCP/445 and destination port TCP/any.
It is unusual to specify the source port but not out of the question.
My understanding of that entry would translate to -
A host coming from the 10.125.31.0/26 subnet with a source port of 445 going to a destination of 184.108.40.206 with any tcp port destination.
In an IP extended ACL, the TCP or UDP port is positional:
if provided after the source address, it means the source TCP/UDP port; if provided at the end, after the destination address, it means the destination TCP/UDP port.
This is something that is not clear at the beginning.
If traffic is coming from servers, the well-known port will be a source port; if traffic is going to servers, the well-known port will be a destination port.
Hope to help
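The positional rule described in the replies above, as an added example (not code from any poster in this thread): a small Python parser that splits a tcp/udp extended ACL entry into its fields and reports which side each port operator binds to, plus a check for entries that pin only the source port. The function names and the second sample entry are constructed for illustration; it assumes one port per `eq` and ignores trailing keywords such as `established` or `log`.

```python
import ipaddress

PORT_OPS = {"eq": 1, "neq": 1, "gt": 1, "lt": 1, "range": 2}  # operator: arg count

def _take_addr(tokens):
    """Consume 'any', 'host A.B.C.D' or 'A.B.C.D wildcard' from the token list."""
    head = tokens.pop(0)
    if head == "any":
        return "any"
    if head == "host":
        return tokens.pop(0) + "/32"
    wildcard = tokens.pop(0)
    w = int(ipaddress.IPv4Address(wildcard))
    if w & (w + 1):  # non-contiguous wildcard has no prefix form, keep as written
        return f"{head} {wildcard}"
    return f"{head}/{32 - w.bit_length()}"

def _take_port(tokens):
    """Consume a port operator if one sits at this position, else report 'any'."""
    if tokens and tokens[0] in PORT_OPS:
        op = tokens.pop(0)
        return " ".join([op] + [tokens.pop(0) for _ in range(PORT_OPS[op])])
    return "any"

def parse_ace(line):
    """Split one tcp/udp extended ACL entry into its positional fields."""
    tokens = line.split()
    if tokens[0].isdigit():
        tokens.pop(0)  # sequence number
    action, proto = tokens.pop(0), tokens.pop(0)
    if proto not in ("tcp", "udp"):
        raise ValueError("port operators only apply to tcp/udp entries")
    src = _take_addr(tokens)
    src_port = _take_port(tokens)   # operator right after the source address
    dst = _take_addr(tokens)
    dst_port = _take_port(tokens)   # operator after the destination address
    return {"action": action, "proto": proto, "src": src,
            "src_port": src_port, "dst": dst, "dst_port": dst_port}

def source_port_only(ace):
    """True when the entry pins the source port but leaves the destination open."""
    return ace["src_port"] != "any" and ace["dst_port"] == "any"

PAGE_ENTRY = "10 permit tcp 10.125.31.0 0.0.0.63 eq 445 host 188.8.131.52"
# Constructed for comparison: same addresses, port moved to the end.
MOVED_ENTRY = "20 permit tcp 10.125.31.0 0.0.0.63 host 188.8.131.52 eq 445"
if __name__ == "__main__":
    for ace in map(parse_ace, (PAGE_ENTRY, MOVED_ENTRY)):
        print(ace, "source-port-only:", source_port_only(ace))
```

Run over an exported ACL, `source_port_only` picks out the entries whose destination port is left open, which are the ones worth a second look during a rule review.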