Manualshelf

R3166-R3206-HP High-End Firewalls Access Control Command Reference-6PW101

ManualsBrandsHP ManualsComputer AccessoriesHP 7100/7200 IPsec dl Module
11121314151617181920
11
Parameters Function
Descri
p
tion
fragment
Applies the rule to only non-first
fragments
Without this keyword, the rule
applies to all fragments and
non-fragments.
time-range time-range-name
Specifies a time range for the
rule
The time-range-name argument
takes a case insensitive string of 1 to
32 characters. It must start with an
English letter. If the time range is not
configured, the system creates the
rule; however, the rule using the time
range can take effect only after you
configure the timer range.
NOTE:
If you provide the precedence or tos keyword in addition to the dscp keyword, only the dscp keyword
takes effect.
If the protocol argument takes tcp (6) or udp (7), you can set the parameters shown in Table 4.
Table 4 TCP/UDP-specific parameters for IPv4 advanced ACL rules
Parameters Function Descri
p
tion
source-port operator port1 [ port2 ]
Specifies one or more
UDP or TCP source
ports
The operator argument can be lt (lower
than), gt (greater than), eq (equal to), neq
(not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or
UDP port numbers in the range 0 to 65535.
port2 is needed only when the operator
argument is range.
TCP port numbers can be represented in
these words: chargen (19), bgp (179), cmd
(514), daytime (13), discard (9), domain
(53), echo (7), exec (512), finger (79), ftp
(21), ftp-data (20), gopher (70), hostname
(101), irc (194), klogin (543), kshell (544),
login (513), lpd (515), nntp (119), pop2
(109), pop3 (110), smtp (25), sunrpc (111),
tacacs (49), talk (517), telnet (23), time
(37), uucp (540), whois (43), and www
(80).
UDP port numbers can be represented in
these words: biff (512), bootpc (68), bootps
(67), discard (9), dns (53), dnsix (90), echo
(7), mobilip-ag (434), mobilip-mn (435),
nameserver (42), netbios-dgm (138),
netbios-ns (137), netbios-ssn (139), ntp
(123), rip (520), snmp (161), snmptrap
(162), sunrpc (111), syslog (514), tacacs-ds
(65), talk (517), tftp (69), time (37), who
(513), and xdmcp (177).
destination-port operator port1
[ port2 ]
Specifies one or more
UDP or TCP
destination ports