HP VPN Firewall Appliances Network Management Command Reference

The following matrix shows the values for the protocol argument on different firewalls and firewall
modules:
Hardware                        Protocol keywords
F1000-A-EI/F1000-S-EI           bgp, direct, ospf, rip, and static
F1000-E                         bgp, direct, ospf, rip, and static
F5000                           bgp, direct, isis, ospf, rip, and static
F5000-S/F5000-C                 bgp, direct, ospf, rip, and static
VPN firewall modules            direct, ospf, rip, and static
20-Gbps VPN firewall modules    direct, ospf, rip, and static
process-id: Specifies a process by its ID in the range of 1 to 65535. This argument is available only when
the protocol is isis, rip, or ospf.
Usage guidelines
To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL
in one of the following ways:
• To deny/permit a route with the specified destination, use the rule [ rule-id ] { deny | permit } ip
  source sour-addr sour-wildcard command.
• To deny/permit a route with the specified destination and mask, use the rule [ rule-id ] { deny |
  permit } ip source sour-addr sour-wildcard destination dest-addr dest-wildcard command.
The source keyword specifies the destination address of a route and the destination keyword specifies the
subnet mask of the route. The subnet mask must be contiguous. Otherwise, the configuration does not
take effect.
Examples
# Use ACL 2000 to filter redistributed routes.
<Sysname> system-view
[Sysname] acl number 2000
[Sysname-acl-basic-2000] rule deny source 192.168.10.0 0.0.0.255
[Sysname-acl-basic-2000] quit
[Sysname] ospf 100
[Sysname-ospf-100] filter-policy 2000 export
# Configure ACL 3000 to permit only route 113.0.0.0/16 to pass. Use ACL 3000 to filter redistributed
routes.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0
[Sysname-acl-adv-3000] rule 100 deny ip
[Sysname-acl-adv-3000] quit
[Sysname] ospf 100
[Sysname-ospf-100] filter-policy 3000 export
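The route-filter reading of an advanced ACL from the usage guidelines (source matches the route's destination address, destination matches its subnet mask), applied to the ACL 3000 rules above. This is an added Python example, not HP code: the function names are hypothetical, rules are assumed to be evaluated in the listed order with wildcard bits set to 1 ignored, and a non-contiguous mask is raised as an error so it can be caught in review. A route that matches no rule returns None, because the device's handling of that case is not modelled here.

```python
import ipaddress

FULL = 0xFFFFFFFF

def _ip(text):
    # "0" is the wildcard shorthand used in the page's ACL 3000 example.
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def is_contiguous(mask):
    """True when mask is a run of 1 bits followed only by 0 bits."""
    inv = ~mask & FULL
    return inv & (inv + 1) == 0

def parse_rule(line):
    """Parse 'rule [id] {deny|permit} ip [source A W] [destination A W]'."""
    tok = line.split()[1:]                  # drop the leading 'rule'
    if tok[0].isdigit():
        tok = tok[1:]                       # optional rule-id
    action, proto, rest = tok[0], tok[1], tok[2:]
    if action not in ("deny", "permit") or proto != "ip":
        raise ValueError("unsupported rule: " + line)
    rule = {"action": action, "source": None, "destination": None}
    while rest:
        key, addr, wild, rest = rest[0], rest[1], rest[2], rest[3:]
        if key not in ("source", "destination"):
            raise ValueError("unsupported keyword: " + key)
        rule[key] = (_ip(addr), _ip(wild))
    dest = rule["destination"]
    if dest and not is_contiguous(dest[0]):
        # Per the page, such a configuration does not take effect.
        raise ValueError("non-contiguous subnet mask: " + line)
    return rule

def _hit(value, pattern):
    addr, wild = pattern or (0, FULL)       # missing keyword: match anything
    return (value & ~wild & FULL) == (addr & ~wild & FULL)

def filter_route(rules, prefix):
    """Return the action of the first matching rule, or None if none match."""
    net = ipaddress.IPv4Network(prefix)
    dest, mask = int(net.network_address), int(net.netmask)
    for rule in rules:
        if _hit(dest, rule["source"]) and _hit(mask, rule["destination"]):
            return rule["action"]
    return None

ACL_3000 = [parse_rule(r) for r in (
    "rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0",
    "rule 100 deny ip")]
```

With these rules, 113.0.0.0/16 is permitted while 113.0.0.0/24 falls through to rule 100, because the mask no longer equals 255.255.0.0.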
Related commands
import-route