R2511-HP MSR Router Series Security Command Reference(V5)
398
firewall ipv6 fragments-inspect
Use firewall ipv6 fragments-inspect to enable IPv6 fragments inspection.
Use undo firewall ipv6 fragments-inspect to disable IPv6 fragments inspection.
Syntax
firewall ipv6 fragments-inspect
undo firewall ipv6 fragments-inspect
Default
IPv6 fragments inspection is disabled.
Views
System view
Default command level
2: System level
Examples
# Enable IPv6 fragments inspection.
<Sysname> system-view
[Sysname] firewall ipv6 fragments-inspect
firewall packet-filter
Use firewall packet-filter to configure IPv4 packet filtering on the interface.
Use undo firewall packet-filter to cancel the configuration.
Syntax
firewall packet-filter { acl-number | name acl-name } { inbound | outbound } [ match-fragments
{ exactly | normally } ]
undo firewall packet-filter { acl-number | name acl-name } { inbound | outbound }
Views
Interface view
Default command level
2: System level
Parameters
acl-number: Specifies a basic ACL number in the range of 2000 to 2999, an advanced ACL number in
the range of 3000 to 3999, or an Ethernet frame header ACL number in the range of 4000 to 4999.
name acl-name: Specifies the name of a basic or advanced IPv4 ACL; a case-insensitive string of 1 to 63
characters that must start with an alphabetical character a to z or A to Z. To avoid confusion, the word
all cannot be used as the ACL name.
inbound: Filters packets received by the interface.
outbound: Filters packets forwarded from the interface.
match-fragments { exactly | normally }: Specifies the fragment match mode (for advanced ACLs only).
The default match mode is normally.