R3303-HP HSR6800 Routers Security Configuration Guide
345
Therefore, for multi-channel application layer protocols like FTP and H.323, the deployment of TCP
inspection without application layer inspection will lead to failure of establishing a data connection.
Configuring a packet-filter firewall
Packet-filter firewall configuration task list
Task Remarks
Enabling the firewall function Required.
Configuring the default filtering action of the firewall Optional.
Configuring packet filtering on an interface Required.
Enabling the firewall function
Enabling the IPv4 firewall function
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the IPv4 firewall
function.
• In standalone mode:
firewall enable { all | slot slot-number }
• In IRF mode:
firewall enable { all | chassis chassis-number
slot slot-number }
Disabled by default.
Enabling the IPv6 firewall function
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the IPv6 firewall function.
firewall ipv6 enable Disabled by default.
Configuring the default filtering action of the firewall
The default filtering action configuration is used for the firewall to determine whether to permit a data
packet to pass or deny the packet when there is no appropriate criterion for judgment.
IPv4 application
To configure the default filtering action of the IPv4 firewall:
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A