R3303-HP HSR6800 Routers Security Configuration Guide

ManualsBrandsHP ManualsNetwork HardwareHP HSR68xx Configure-to-Order Router Solution

361

362

363

364

365

366

367

368

369

370

347

You can apply only one ACL to filter packets in one direction of an interface.

Configuring IPv6 packet filtering on an interface

IPv6 packet filtering is a basic firewall function of an IPv6-based ACL. You can configure IPv6 packet

filtering in the inbound or outbound direction of an interface so that the interface filters packets that

match the IPv6 ACL rules.

To configure IPv6 packet filtering on an interface:

Ste

Command

Remarks

1. Enter system view.

system-view N/A

2. Enter interface view.

interface interface-type

interface-number

N/A

3. Configure IPv6 packet filtering

on an interface.

firewall packet-filter ipv6

{ acl6-number | name acl6-name }

{ inbound | outbound }

IPv6 packets are not filtered by

default.

You can apply only one IPv6 ACL to filter packets in one direction of an interface.

Displaying and maintaining a packet-filter firewall

Task Command

Remarks

Display the packet filtering

statistics of the IPv4 firewall.

display firewall-statistics { all | interface

interface-type interface-number } [ | { begin

| exclude | include } regular-expression ]

Available in any view.

Display the packet filtering

statistics of the IPv6 firewall.

display firewall ipv6 statistics { all |

interface interface-type interface-number }

[ | { begin | exclude | include }

regular-expression ]

Available in any view.

Clear the packet filtering statistics

of the IPv4 firewall.

reset firewall-statistics { all | interface

interface-type interface-number }

Available in user view.

Clear the packet filtering statistics

of the IPv6 firewall.

reset firewall ipv6 statistics { all | interface

interface-type interface-number }

Available in user view.

Packet-filter firewall configuration example

Network requirements

As shown in Figure 115 :

• The internal network of a company is connected to GigabitEthernet 3/0/1 of the router, and the

internal users access the Internet through Serial 2/1/1 of the router.

• The company provides WWW, FTP and Telnet services to the outside. The internal subnet of the

company is 129.1.1.0, on which the internal FTP server address is 129.1.1.1, the Telnet server address

is 129.1.1.2, the internal WWW server address is 129.1.1.3, and the public address of the company

i s 2 0 .1.1.1. N AT i s e n a b l e d o n t h e r o u t e r s o t h a t hosts on the internal network can access to the

Internet and external hosts can access the internal servers.