R3721-F3210-F3171-HP High-End Firewalls Access Control Command Reference-6PW101

Table 10 TCP/UDP-specific parameters for IPv6 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| source-port operator port1 [ port2 ] | Specifies one or more UDP or TCP source ports | The operator argument can be lt (lower than), gt (greater than), eq (equal to), neq (not equal to), or range (inclusive range). The port1 and port2 arguments are TCP or UDP port numbers in the range 0 to 65535. port2 is needed only when the operator argument is range. TCP port numbers can be represented in these words: chargen (19), bgp (179), cmd (514), daytime (13), discard (9), domain (53), echo (7), exec (512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname (101), irc (194), klogin (543), kshell (544), login (513), lpd (515), nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111), tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois (43), and www (80). UDP port numbers can be represented in these words: biff (512), bootpc (68), bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag (434), mobilip-mn (435), nameserver (42), netbios-dgm (138), netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp (161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65), talk (517), tftp (69), time (37), who (513), and xdmcp (177). |
| destination-port operator port1 [ port2 ] | Specifies one or more UDP or TCP destination ports | Same as for source-port. |
| { ack ack-value \| fin fin-value \| psh psh-value \| rst rst-value \| syn syn-value \| urg urg-value } * | Specifies one or more TCP flags, including ACK, FIN, PSH, RST, SYN, and URG | Parameters specific to TCP. The value for each argument can be 0 (flag bit not set) or 1 (flag bit set). The TCP flags in a rule are ORed. For example, a rule configured with ack 1 psh 0 matches packets that have the ACK flag bit set and packets that have the PSH flag bit not set. |
| established | Specifies the flags for indicating the established status of a TCP connection | Parameter specific to TCP. The rule matches TCP connection packets with the ACK or RST flag bit set. |
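The following added example is not part of the command reference and is not device or vendor code. It models the port operators, the ORed TCP flag criteria, and the established keyword from Table 10 so the effect of a rule can be checked against sample packets. The function names and the sample packets are constructed, and treating a rule with no flag keywords as unconstrained is an assumption.

```python
# Added example: a model of the Table 10 matching rules, not device or vendor code.
# All function names and sample packets are constructed for illustration.
TCP_FLAGS = ("ack", "fin", "psh", "rst", "syn", "urg")


def port_matches(operator, port, port1, port2=None):
    """Evaluate one source-port/destination-port criterion against a packet port."""
    given = (port, port1) if port2 is None else (port, port1, port2)
    if any(not 0 <= p <= 65535 for p in given):
        raise ValueError("port numbers must be in the range 0 to 65535")
    if operator == "range":
        if port2 is None:
            raise ValueError("port2 is required when the operator is range")
        return port1 <= port <= port2  # inclusive range
    if port2 is not None:
        raise ValueError("port2 is valid only with the range operator")
    results = {"lt": port < port1, "gt": port > port1,
               "eq": port == port1, "neq": port != port1}
    if operator not in results:
        raise ValueError(f"unknown operator: {operator}")
    return results[operator]


def flags_match(rule_flags, packet_flags):
    """rule_flags maps flag name -> 0/1; packet_flags is the set of flags set.

    The criteria are ORed: one satisfied criterion is enough to match.
    """
    for name, value in rule_flags.items():
        if name not in TCP_FLAGS or value not in (0, 1):
            raise ValueError(f"bad flag criterion: {name} {value}")
    if not rule_flags:  # assumption: no flag keywords means no flag constraint
        return True
    return any((name in packet_flags) == bool(value)
               for name, value in rule_flags.items())


def established_match(packet_flags):
    """The established keyword: ACK or RST flag bit set."""
    return "ack" in packet_flags or "rst" in packet_flags


if __name__ == "__main__":
    rule = {"ack": 1, "psh": 0}  # the "ack 1 psh 0" example from the table
    for pkt in ({"syn"}, {"ack", "psh"}, {"psh"}, {"rst"}):  # constructed packets
        print(sorted(pkt), flags_match(rule, pkt), established_match(pkt))
```

A packet carrying only SYN matches ack 1 psh 0 because its PSH bit is not set, a consequence of the OR that is easy to miss when reviewing flag-based rules.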
If the protocol argument takes icmpv6 (58), you can set the parameters shown in Table 11.
Table 11 ICMPv6-specific parameters for IPv6 advanced ACL rules

| Parameters | Function | Description |
|---|---|---|
| icmp6-type { icmp6-type icmp6-code \| icmp6-message } | Specifies the ICMPv6 message type and code | The icmp6-type argument ranges from 0 to 255. The icmp6-code argument ranges from 0 to 255. The icmp6-message argument specifies a message name. Supported ICMP message names and their corresponding type and code values are listed in Table 12. |
Table 12 ICMPv6 message names supported in IPv6 advanced ACL rules

| ICMPv6 message name | ICMPv6 message type | ICMPv6 message code |
|---|---|---|
| echo-reply | 129 | 0 |
| echo-request | 128 | 0 |
| err-Header-field | 4 | 0 |