R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

To view rules in an ACL and their rule IDs, use the display acl all command.
Related commands: acl, display acl, step, and time-range.
Examples
# Create rules in IPv4 basic ACL 2000 to deny packets from any source IP segment except 10.0.0.0/8,
172.17.0.0/16, and 192.168.1.0/24.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule permit source 10.0.0.0 0.255.255.255
[Sysname-acl-basic-2000] rule permit source 172.17.0.0 0.0.255.255
[Sysname-acl-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Sysname-acl-basic-2000] rule deny source any
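The following Python model is an added example, not part of the HP reference. It shows how the ACL 2000 rules above match a source address against wildcard masks, where a 1 bit in the mask means "don't care". It assumes that rules are checked in ascending rule-ID order and that IDs are auto-assigned with a numbering step of 5; all function names are hypothetical.

```python
import ipaddress

# Rule lines copied from the ACL 2000 example above.
ACL_2000 = """\
rule permit source 10.0.0.0 0.255.255.255
rule permit source 172.17.0.0 0.0.255.255
rule permit source 192.168.1.0 0.0.0.255
rule deny source any
"""

def next_rule_id(highest, step):
    """Nearest multiple of step above the current highest ID; 0 for an empty ACL."""
    return 0 if highest is None else (highest // step + 1) * step

def parse_acl(text, step=5):
    """Parse 'rule {permit|deny} source {addr wildcard | any}' lines.

    Returns a list of (rule_id, action, addr, wildcard) tuples. step=5 is an assumption.
    """
    rules, highest = [], None
    for line in text.splitlines():
        tok = line.split()
        if not tok:
            continue
        if (len(tok) not in (4, 5) or tok[0] != "rule"
                or tok[1] not in ("permit", "deny") or tok[2] != "source"):
            raise ValueError(f"unsupported rule: {line!r}")
        if tok[3] == "any" and len(tok) == 4:
            addr, wild = 0, 0xFFFFFFFF           # every bit is "don't care"
        elif len(tok) == 5:
            addr = int(ipaddress.IPv4Address(tok[3]))
            wild = int(ipaddress.IPv4Address(tok[4]))
        else:
            raise ValueError(f"missing wildcard mask: {line!r}")
        highest = next_rule_id(highest, step)
        rules.append((highest, tok[1], addr, wild))
    return rules

def evaluate(rules, src):
    """Return (rule_id, action) of the first match in rule-ID order (assumed), else (None, None)."""
    ip = int(ipaddress.IPv4Address(src))
    for rule_id, action, addr, wild in sorted(rules):
        # Bits where the wildcard is 0 must be identical in the packet and the rule.
        if ((ip ^ addr) & ~wild & 0xFFFFFFFF) == 0:
            return rule_id, action
    return None, None  # behaviour when no rule matches is not modelled here
```

Running addresses from a firewall log through `evaluate(parse_acl(ACL_2000), addr)` shows which rule ID decides each packet, which helps confirm that the final deny rule catches near-miss prefixes such as 172.16.0.0/16.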
rule (IPv6 advanced ACL view)
Syntax
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value
| syn syn-value | urg urg-value } * | established } | counting | destination { dest dest-prefix |
dest/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label
flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging |
source { source source-prefix | source/source-prefix | any } | source-port operator port1 [ port2 ] |
time-range time-range-name | vpn-instance vpn-instance-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination |
destination-port | dscp | flow-label | fragment | icmp6-type | logging | source | source-port |
time-range | vpn-instance ] *
View
IPv6 advanced ACL view
Default level
2: System level
Parameters
rule-id: Specifies a rule ID, which ranges from 0 to 65534. If no rule ID is provided when you create an
ACL rule, the system automatically assigns it a rule ID. The assigned ID is the nearest multiple of the
numbering step that is higher than the current highest rule ID, starting from 0. For example, if the rule
numbering step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
protocol: Matches protocol carried over IPv6. It can be a number in the range 0 to 255, or in words, gre
(47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6), or udp (17). Table 9 describes the
parameters that you can specify regardless of the value that the protocol argument takes.