F3215-HP Load Balancing Module Security Command Reference-6PW101
31
Parameters Function Descri
p
tion
{ ack ack-value
| fin fin-value |
psh psh-value |
rst rst-value |
syn syn-value |
urg urg-value }
*
Specifies one or more
TCP flags, including
ACK, FIN, PSH, RST,
SYN, and URG.
Parameters specific to TCP.
The value for each argument can be 0 (flag bit not set) or 1 (flag bit
set).
The TCP flags in a rule are ORed. For example, a rule configured
with ack 1 psh 0 matches both packets with the ACK flag bit set and
packets with the PSH flag bit not set.
established
Specifies the flags for
indicating the
established status of a
TCP connection.
Parameter specific to TCP.
The rule matches TCP connection packets with the ACK or RST flag
bit set.
If the protocol argument takes icmpv6 (58), set the parameters shown in Table 11.
Table 11 ICMPv6-specific parameters for IPv6 advanced ACL rules
Parameters Function Descri
p
tion
icmp6-type { icmp6-type
icmp6-code |
icmp6-message }
Specifies the ICMPv6
message type and
code.
The icmp6-type argument is in the range of 0 to 255.
The icmp6-code argument is in the range of 0 to 255.
The icmp6-message argument specifies a message name.
Supported ICMP message names and their corresponding
type and code values are listed in Table 12.
Table 12 ICMPv6 message names supported in IPv6 advanced ACL rules
ICMPv6 messa
g
e
name ICMPv6 messa
g
e
t
yp
e
ICMPv6 messa
g
e code
echo-reply 129 0
echo-request 128 0
err-Header-field 4 0
frag-time-exceeded 3 1
hop-limit-exceeded 3 0
host-admin-prohib 1 1
host-unreachable 1 3
neighbor-advertisement 136 0
neighbor-solicitation 135 0
network-unreachable 1 0
packet-too-big 2 0
port-unreachable 1 4
redirect 137 0
router-advertisement 134 0
router-solicitation 133 0
unknown-ipv6-opt 4 2
unknown-next-hdr 4 1