Arista¶

Header Format¶

The arista header designation has the following format:

targets:
    arista: [filter name] {standard|extended|object-group|inet6}

filter name: defines the name of the arista filter.
standard: specifies that the output should be a standard access list
extended: specifies that the output should be an extended access list
object-group: specifies this is a arista extended access list, and that object-groups should be used for ports and addresses.
inet6: specifies the output be for IPv6 only filters.
mixed: #TODO: does this exist on all Cisco inherited platforms?
enable_dsmo: #TODO: does this exist on all Cisco inherited platforms?

for common keys see common.md
address: One or more network address tokens, matches source or destination.
destination-exclude: Exclude one or more address tokens from the specified destination-address
dscp_match: Match a DSCP number.
icmp-code: Specifies the ICMP code to filter on.
logging: Specify that this packet should be logged via syslog.
owner: Owner of the term, used for organizational purposes.
source-exclude: exclude one or more address tokens from the specified source-address.
verbatim: this specifies that the text enclosed within quotes should be rendered into the output without interpretation or modification. This is sometimes used as a temporary workaround while new required features are being added.
verbose: adds additional remark statements with the term name, owner (if set) and the comment (if set) (default: True)

option: {established|is-fragment|tcp-established}

established: Only match established connections, implements tcp-established for tcp and sets destination port to 1024-65535 for udp if destination port is not defined.
is-fragment: Matches on if a packet is a fragment.
tcp-established: Only match established tcp connections, based on statefull match or TCP flags. Not supported for other protocols.