R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101
Parameters           Function                      Description

{ ack ack-value |    Specifies one or more TCP     Parameters specific to TCP.
fin fin-value |      flags, including ACK, FIN,    The value for each argument can be 0 (flag bit
psh psh-value |      PSH, RST, SYN, and URG        not set) or 1 (flag bit set).
rst rst-value |                                    The TCP flags in a rule are ORed. For example,
syn syn-value |                                    a rule configured with ack 1 psh 0 matches
urg urg-value } *                                  packets that have the ACK flag bit set and
                                                   packets that have the PSH flag bit not set.

established          Specifies the flags for       Parameter specific to TCP.
                     indicating the established    The rule matches TCP connection packets with
                     status of a TCP connection    the ACK or RST flag bit set.
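
The ORed flag matching described in the table above, modeled as an added Python example (not code from the HP reference or the device): the function names and sample segments are constructed, and the masks are the standard TCP header flag bits. It shows that a rule with ack 1 psh 0 also matches a bare SYN segment, which an AND reading of the rule would not predict.

```python
# Added example (constructed names and samples; not device code).

# Standard bit masks of the flags in the TCP header flags byte.
TCP_FLAGS = {"fin": 0x01, "syn": 0x02, "rst": 0x04,
             "psh": 0x08, "ack": 0x10, "urg": 0x20}


def parse_flag_spec(spec):
    """Parse e.g. 'ack 1 psh 0' into {'ack': 1, 'psh': 0}."""
    tokens = spec.split()
    if not tokens or len(tokens) % 2:
        raise ValueError("expected one or more '<flag> <0|1>' pairs")
    conditions = {}
    for name, value in zip(tokens[::2], tokens[1::2]):
        if name not in TCP_FLAGS or value not in ("0", "1"):
            raise ValueError(f"invalid flag condition: {name} {value}")
        conditions[name] = int(value)
    return conditions


def _holds(name, value, flags_byte):
    """True if flag `name` in flags_byte has the state `value` (0 or 1)."""
    return bool(flags_byte & TCP_FLAGS[name]) == bool(value)


def matches_ored(conditions, flags_byte):
    """ORed evaluation, as the table states: any one condition suffices."""
    return any(_holds(n, v, flags_byte) for n, v in conditions.items())


def matches_anded(conditions, flags_byte):
    """ANDed evaluation, for contrast only: every condition must hold."""
    return all(_holds(n, v, flags_byte) for n, v in conditions.items())


def matches_established(flags_byte):
    """The established keyword: ACK or RST flag bit set."""
    return matches_ored({"ack": 1, "rst": 1}, flags_byte)


# Constructed sample segments: label -> TCP flags byte.
SAMPLES = {"SYN": 0x02, "SYN+ACK": 0x12, "ACK": 0x10,
           "PSH+ACK": 0x18, "RST": 0x04, "FIN+PSH": 0x09}

if __name__ == "__main__":
    rule = parse_flag_spec("ack 1 psh 0")
    for label, flags in SAMPLES.items():
        print(label, matches_ored(rule, flags), matches_anded(rule, flags),
              matches_established(flags))
```

Of the constructed samples, SYN, RST and PSH+ACK match the ORed rule but would not match under an AND reading, and only FIN+PSH does not match at all.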
If the protocol argument takes icmp (1), you can set the parameters shown in Table 7.
Table 7 ICMP-specific parameters for IPv4 advanced ACL rules
Parameters           Function                      Description

icmp-type            Specifies the ICMP            The icmp-type argument ranges from 0 to 255.
{ icmp-type          message type and code         The icmp-code argument ranges from 0 to 255.
[ icmp-code ] |                                    The icmp-message argument specifies a message
icmp-message }                                     name. Supported ICMP message names and their
                                                   corresponding type and code values are listed
                                                   in Table 8.
Table 8 ICMP message names supported in IPv4 advanced ACL rules
ICMP message name      ICMP message type   ICMP message code

echo                   8                   0
echo-reply             0                   0
fragmentneed-DFset     3                   4
host-redirect          5                   1
host-tos-redirect      5                   3
host-unreachable       3                   1
information-reply      16                  0
information-request    15                  0
net-redirect           5                   0
net-tos-redirect       5                   2
net-unreachable        3                   0
parameter-problem      12                  0
port-unreachable       3                   3
protocol-unreachable   3                   2
reassembly-timeout     11                  1
source-quench          4                   0
source-route-failed    3                   5