HP VPN Firewall Appliances Network Management Command Reference
479
[Sysname] acl number 3000
[Sysname-acl-adv-3000] rule 10 permit ip source 113.0.0.0 0 destination 255.255.0.0 0
[Sysname-acl-adv-3000] rule 100 deny ip
[Sysname-acl-adv-3000] quit
[Sysname] bgp 100
[Sysname-bgp] filter-policy 3000 export
filter-policy import (BGP/BGP-VPN instance view)
Use filter-policy import to configure the filtering of incoming routing information.
Use undo filter-policy import to disable the filtering.
Syntax
filter-policy { acl-number | ip-prefix ip-prefix-name } import
undo filter-policy import
Default
Incoming routing information is not filtered.
Views
BGP view, BGP-VPN instance view
Default command level
2: System level
Parameters
acl-number: Specifies the number of an ACL used to filter incoming routing information, ranging from
2000 to 3999.
ip-prefix-name: Specifies the number of an IP prefix list used to filter incoming routing information, a string
of 1 to 19 characters.
Usage guidelines
To reference an advanced ACL (with a number from 3000 to 3999) in the command, configure the ACL
in one of the following ways:
• To deny/permit a route with the specified destination, use rule [ rule-id ] { deny | permit } ip source
sour-addr sour-wildcard.
• To deny/permit a route with the specified destination and mask, use rule [ rule-id ] { deny | permit }
ip source sour-addr sour-wildcard destination dest-addr dest-wildcard.
The source keyword specifies the destination address of a route, and the destination keyword specifies
the subnet mask of the route. (The subnet mask must be valid; otherwise, the configuration is ineffective.)
Examples
# In BGP view, reference ACL 2000 to filter incoming routing information.
<Sysname> system-view
[Sysname] bgp 100
[Sysname-bgp] filter-policy 2000 import
# In BGP-VPN instance view, reference ACL 2000 to filter incoming routing information. (The VPN has
been created.)
<Sysname> system-view