Sequence-based ACL editing

You can specify and modify the sequence in which ACL rules are applied to traffic.

By default, ACL rules run in the order in which they were added to the ACL. Beginning with FastIron 08.0.50, sequence numbers are automatically added to existing ACL rules, preserving this order, in the following manner:
  • The first rule within each ACL is numbered 10.
  • The sequence number for each succeeding rule is incremented by 10.

In new ACLs that you create, specifying rule sequence numbers is optional. If you omit them, sequence numbers are still assigned automatically in the manner described above.

Sequence numbers have the following advantages:
  • If you need a new rule to run between existing rules, you assign the new rule a sequence number between those two rules.
  • New rules are implemented seamlessly, with no need to re-apply ACLs.
  • If you delete a rule, there is no need to re-apply the ACL.

If you add a rule to an ACL without specifying its sequence, the rule is added at the end of the list. Such a rule is automatically assigned the next multiple of 10 as a sequence number.

The following actions are also supported:
  • Suppressing sequence numbers in preparation for a downgrade
  • Regenerating sequence numbers within a specified ACL. By default, regeneration assigns 10 to the first rule and increments each succeeding rule by 10, but you can specify both parameters. Sequence regeneration settings (first sequence number and sequence interval number) are persistent, even following a reload of the active unit.
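
The numbering behaviour described above can be modelled offline to plan where a new rule will land before touching a device. The following Python sketch is an added example, not FastIron code or CLI; the class name, method names and sample rule text are assumptions made for illustration.

```python
# Added example: a model of the numbering rules above, not FastIron code.
class SequencedAcl:
    def __init__(self, rules=()):
        # Existing rules keep their order and are numbered 10, 20, 30, ...
        self.rules = {10 * (i + 1): r for i, r in enumerate(rules)}

    def add(self, rule, seq=None):
        """Add a rule; without seq it goes last, at the next multiple of 10."""
        if seq is None:
            seq = (max(self.rules, default=0) // 10 + 1) * 10
        if seq in self.rules:
            raise ValueError(f"sequence {seq} is already in use")
        self.rules[seq] = rule
        return seq

    def insert_before(self, target, rule):
        """Place rule just ahead of the rule numbered target."""
        if target not in self.rules:
            raise KeyError(target)
        lower = max((s for s in self.rules if s < target), default=0)
        seq = (lower + target) // 2
        if seq <= lower:
            raise ValueError("no free sequence number; regenerate first")
        return self.add(rule, seq)

    def regenerate(self, start=10, interval=10):
        """Renumber in current order from start, stepping by interval."""
        ordered = [self.rules[s] for s in sorted(self.rules)]
        self.rules = {start + i * interval: r for i, r in enumerate(ordered)}

    def listing(self):
        return sorted(self.rules.items())


if __name__ == "__main__":
    # Constructed rules; the rule text is illustrative only.
    acl = SequencedAcl(["permit tcp any any eq 443", "permit ip any any"])
    acl.insert_before(20, "deny ip host 192.0.2.7 any")   # lands at 15
    acl.add("deny ip any any")                             # lands at 30
    for seq, rule in acl.listing():
        print(seq, rule)
```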