R3303-HP HSR6800 Routers Security Configuration Guide
349
[Router-GigabitEthernet3/0/1] firewall packet-filter 3001 inbound
# Apply ACL 3002 to packets that come in through Serial 2/1/1.
[Router-GigabitEthernet3/0/1] quit
[Router] interface serial 2/1/1
[Router-Serial2/1/1] firewall packet-filter 3002 inbound
Configuring an ASPF
ASPF configuration task list
Task Remarks
Enabling the firewall function Required.
Configuring an ASPF policy Required.
Applying an ASPF policy to an interface Required.
Configuring port mapping Optional.
Enabling the firewall function
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Enable the IPv4 firewall
function.
firewall enable { all | slot slot-number }
Disabled by default.
Configuring an ASPF policy
Ste
p
Command
Remarks
1. Enter system view.
system-view N/A
2. Create an ASPF policy and
enter its view.
aspf-policy aspf-policy-number N/A
3. Specify to drop ICMP error
messages.
icmp-error drop
Optional.
By default, ICMP error messages
are not dropped.
4. Specify to drop non-SYN
packet that is the first packet
over a TCP connection.
tcp syn-check
Optional.
By default, a non-SYN packet that
is the first packet over a TCP
connection is not dropped.