F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Access Control Configuration Guide-6PW100
21
Ste
p
Command Remarks
5. Create or edit a
rule.
rule [ rule-id ] { deny | permit }
[ counting | fragment | logging
| routing [ type routing-type ] |
source { source-address
source-prefix |
source-address/source-prefix |
any } | time-range
time-range-name | vpn-instance
vpn-instance-name ] *
By default, an IPv6 basic ACL does not contain
any rule.
The logging keyword takes effect only when the
module (for example, a firewall) using the ACL
supports logging.
6. Add or edit a rule
comment.
rule rule-id comment text
Optional.
By default, no rule comments are configured.
7. Add or edit a rule
range remark.
rule [ rule-id ] remark text
Optional.
By default, no rule range remarks are configured.
120BConfiguring an advanced ACL
267BConfiguring an IPv4 advanced ACL
IPv4 advanced ACLs match packets based on source IP addresses, destination IP addresses, packet
priorities, protocols over IP, and other protocol header information, such as TCP/UDP source and
destination port numbers, TCP flags, ICMP message types, and ICMP message codes.
Compared to IPv4 basic ACLs, IPv4 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv4 advanced ACL:
Ste
p
Command Remarks
1. Enter system view.
system-view N/A
2. Create an IPv4
advanced ACL and
enter its view.
acl number acl-number [ name
acl-name ] [ match-order { auto |
config } ]
By default, no ACL exists.
IPv4 advanced ACLs are numbered in the
range of 3000 to 3999.
You can use the acl name acl-name
command to enter the view of a named ACL.
3. Configure a
description for the
IPv4 advanced ACL.
description text
Optional.
By default, an IPv4 advanced ACL has no
ACL description.
4. Set the rule
numbering step.
step step-value
Optional.
The default setting is 5.