P Commands
portgroup portgroup
established
flags
(Optional; TCP, UDP, and SCTP only) Specifies that
the rule matches only packets that are from a source
port or to a destination port that is a member of the
IP port-group object specified by the portgroup
argument. Whether the port-group object applies to
a source port or a destination port depends upon
whether you specify it after the source argument or
after the destination argument.
Use the object-group ip port command to create and
change IP port-group objects.
(TCP only; Optional) Specifies that the rule matches
only packets that belong to an established TCP
connection. The device considers TCP packets with
the ACK or RST bits set to belong to an established
connection.
(TCP only; Optional) Rule matches only packets that
have specific TCP control bit flags set. The value of
the flags argument must be one or more of the
following keywords:
• ack
• fin
• psh
• rst
• syn
• urg
Cisco Nexus 7000 Series Security Command Reference
permit (IPv6)
565