Manualshelf

F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Command Reference-6PW100

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
21222324252627282930
18
Table 7 ICMP message names supported in IPv4 advanced ACL rules
ICMP messa
g
e name ICMP messa
g
e t
yp
e
ICMP messa
g
e code
echo 8 0
echo-reply 0 0
fragmentneed-DFset 3 4
host-redirect 5 1
host-tos-redirect 5 3
host-unreachable 3 1
information-reply 16 0
information-request 15 0
net-redirect 5 0
net-tos-redirect 5 2
net-unreachable 3 0
parameter-problem 12 0
port-unreachable 3 3
protocol-unreachable 3 2
reassembly-timeout 11 1
source-quench 4 0
source-route-failed 3 5
timestamp-reply 14 0
timestamp-request 13 0
ttl-exceeded 11 0
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, your creation or editing
attempt fails.
To view rules in an ACL and their rule IDs, use the display acl all command.
Examples
# Create an IPv4 advanced ACL rule to permit TCP packets with the destination port 80 from
129.9.0.0/16 to 202.38.160.0/24, and enable logging matching packets.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination
202.38.160.0 0.0.0.255 destination-port eq 80 logging
# Create IPv4 advanced ACL rules to permit all IP packets but the ICMP packets destined for
192.168.1.0/24.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit ip