Restrict someone to connect to some services.

Reference

https://extreme-networks.my.site.com/ExtrArticleDetail?an=000083345

Configure

# 1. 
vi allow.pol

# 2.
entry allow-1 {
  if {
    source-address 192.168.1.1/32;
    destination-address 192.168.10.1/32;
    protocol tcp;
    destination-port 4660;
  }
  then {
    permit;
  }
}
entry allow-mgmt {
  if {
    source-address 10.10.10.1/32;
    destination-address 192.168.10.1/32;
    protocol tcp;
    destination-port 23;
  }
  then {
    permit;
  }
}
entry deny-all {
  if {
    desination-address 192.168.10.1/32;
  }
  then {
    deny;
  }
}

# 3.
refresh policy allow.pol
configure access-list "allow.pol" ports 1-10 ingress