R3166-R3206-HP High-End Firewalls Access Control Command Reference-6PW101
12
Parameters Function Descri
p
tion
{ ack ack-value | fin fin-value | psh
psh-value | rst rst-value | syn
syn-value | urg urg-value } *
Specifies one or more
TCP flags including
ACK, FIN, PSH, RST,
SYN, and URG
Parameters specific to TCP.
The value for each argument can be 0 (flag
bit not set) or 1 (flag bit set).
For example, a rule configured with ack 1
psh 0 may match packets that have the ACK
flag bit set and the PSH flag bit not set on one
firewall
If the protocol argument takes icmp (1), you can set the parameters shown in Table 5.
Table 5 ICMP-specific parameters for IPv4 advanced ACL rules
Parameters Function Descri
p
tion
icmp-type { icmp-type [ icmp-code ]
| icmp-message }
Specifies the ICMP message type
and code
The icmp-type argument ranges
from 0 to 255.
The icmp-code argument ranges
from 0 to 255.
The icmp-message argument
specifies a message name.
Supported ICMP message names
and their corresponding type and
code values are listed in Table 6.
Table 6 ICMP message names supported in IPv4 advanced ACL rules
ICMP messa
g
e name ICMP messa
g
e t
yp
e
ICMP messa
g
e code
echo 8 0
echo-reply 0 0
fragmentneed-DFset 3 4
host-redirect 5 1
host-tos-redirect 5 3
host-unreachable 3 1
information-reply 16 0
information-request 15 0
net-redirect 5 0
net-tos-redirect 5 2
net-unreachable 3 0
parameter-problem 12 0
port-unreachable 3 3
protocol-unreachable 3 2
reassembly-timeout 11 1
source-quench 4 0
source-route-failed 3 5