Manualshelf

Command Reference Guide

ManualsBrandsHP ManualsRoutersHP 3000 Router Series
1101110211031104110511061107110811091110
3Com Router 3000 Ethernet Family
Command Reference Guide
Chapter 3 Access Control List Configuration
Commands
3Com Corporation
3-4
exist, a new rule number with the specified rule-id will be created. If you do not specify
the rule-id, A new rule will be created and the system will assign a rule-id to the ACL
rule automatically.
deny: Discards matched packets.
permit: Permits matched packets.
comment text: Specifies a comment for each rule.
protocol: Protocol type over IP expressed by name or number. The number range is
from 0 to 255, and the name range covers gre, icmp, igmp, ip, ipinip, ospf, tcp and udp.
source: Optional, specify source address information of ACL rule. If it is not configured,
it indicates that any source address of the packets matches.
sour-addr: Source IP address of packets in dotted decimal format. Or use "any" to
represent the source address 0.0.0.0 with the wildcard 255.255.255.255.
sour-wildcard: Source address wildcard in dotted decimal format. Inputting “0” indicates
that the wildcard is 0.0.0.0. It represents a host with the address specified by parameter
sour-addr.
destination: Optional, specify destination address information of ACL rule. If it is not
configured, it indicates that any destination address of the packets matches.
dest-addr: Destination IP address of packets in dotted decimal format. Or use "any" to
represent the destination address 0.0.0.0 with the wildcard 255.255.255.255.
dest-wildcard: Destination address wildcard in dotted decimal format. Inputting “0
indicates that the wildcard is 0.0.0.0. It represents a host with the address specified by
parameter dest-addr.
icmp-type: Optional, specify ICMP packet type and ICMP message code, only valid
when packet protocol is ICMP. If it is not configured, it indicates any ICMP packet
matches.
icmp-type: ICMP packet can be filtered according to ICMP message type. It is a number
ranging from 0 to 255.
icmp-code: ICMP packets that can be filtered according to ICMP message type can
also be filtered according to message code. It is a number ranging from 0 to 255.
icmp-message: ICMP packets can be filtered according to ICMP message type or
ICMP message code.
source-port: Optional, specify source port information of UDP or TCP packets, valid
only when the protocol specified by the rule is TCP or UDP. If it is not specified, it
indicates that any source port information of TCP/UDP packets matches.
destination-port: Optional, specify destination port information of UDP or TCP packets,
valid only when the protocol specified by the rule is TCP or UDP. If it is not specified, it
indicates that any destination port information of TCP/UDP packets matches.