Manual Chapter : 3-DNS Reference Guide version 4.2: Access Control Lists

Applies To:

Show Versions Show Versions

3-DNS Controller versions 1.x - 4.x

  • 4.2 PTF-10, 4.2 PTF-09, 4.2 PTF-08, 4.2 PTF-07, 4.2 PTF-06, 4.2 PTF-05, 4.2 PTF-04, 4.2 PTF-03, 4.2 PTF-02, 4.2 PTF-01, 4.2.0
Manual Chapter


Access Control Lists

Working with access control lists

With access control lists (ACLs), you can block probing for members of the ACL when you use dynamic RTT probing on your 3-DNS. Table 3.1 lists the ACL types and describes their functions.

Access control list types and descriptions

ACL Type



Prober ACLs limit round-trip time probes.


Hops ACLs limit traceroute probes.

To define ACLs using the Configuration utility

  1. In the navigation pane, click System.
    The System - General screen opens.
  2. On the toolbar, click ACL.
    The ACL Configuration screen opens.
  3. Add the settings for the ACLs you want to create, and click Update. For more information on this screen, click Help on the toolbar.

To define ACLs from the command line

  1. If one does not already exist, create a file called region.ACL in the /var/3dns/include directory. You must add the include file at the beginning of the wideip.conf file.
  2. Add the file to /etc/wideip.conf by typing, at the command line:

    include "region.ACL"

Tip: When you create ACLs by editing the wideip.conf file from the command line, we strongly recommend that you put the ACLs in a separate include file.

The ACLs you can create are probe_acl, and hops_acl. Figure 3.1 is an example of the syntax for a region.ACL file with definitions for the two ACL types.

Figure 3.1 Sample region.ACL file

 actions {     
delete rdb ACL region "probe_acl"
delete rdb ACL region "hops_acl"
region_db ACL {
region {
name "probe_acl"
region "probe_acl"
region {
name "hops_acl"