H3C S3100 Series Command Manual page 348

Parameters
logging
fragment
time-range
time-range-name
Setting the protocol argument to tcp or udp, you may define the parameters shown in
Table 4-3 TCP/UDP-specific parameters for advanced IPv6 ACL rules
Parameters
source-port operator
port1 [ port2 ]
destination-port
operator port1 [ port2 ]
{ ack ack-value | fin
fin-value | psh psh-value
| rst rst-value | syn
syn-value | urg
urg-value } *
established
Setting the protocol argument to icmpv6, you may define the parameters shown in
Function
Specifies to log matched
packets
Indicates that the rule applies to
only non-first fragments.
Specifies the time range in
which the rule takes effect.
Function
Specifies one or more UDP or
TCP source ports.
Specifies one or more UDP or
TCP destination ports.
Specifies one or more TCP
flags.
Specifies the TCP flags ACK
and RST
4-9
Description
This function requires that the module using the
ACL (for example, a firewall using the ACL)
support logging.
Without this keyword, the rule applies to all
fragments and non-fragments.
The time-range-name argument is a case
insensitive string of 1 to 32 characters. It must
start with an English letter and cannot be named
all to avoid confusion.
Description
The operator argument can be lt (lower than), gt
(greater than), eq (equal to), neq (not equal to),
or range (inclusive range).
The port1 and port2 arguments are TCP or UDP
port numbers in the range 0 to 65535. port2 is
needed only when the operator argument is
range.
TCP port numbers can be represented in these
words: chargen (19), bgp (179), cmd (514),
daytime (13), discard (9), domain (53), echo
(7), exec (512), finger (79), ftp (21), ftp-data
(20), gopher (70), hostname (101), irc (194),
klogin (543), kshell (544), login (513), lpd
(515), nntp (119), pop2 (109), pop3 (110),
smtp (25), sunrpc (111), tacacs (49), talk
(517), telnet (23), time (37), uucp (540), whois
(43), and www (80).
UDP port numbers can be represented in these
words: biff (512), bootpc (68), bootps (67),
discard (9), dns (53), dnsix (90), echo (7),
mobilip-ag (434), mobilip-mn (435),
nameserver (42), netbios-dgm (138),
netbios-ns (137), netbios-ssn (139), ntp
(123), rip (520), snmp (161), snmptrap (162),
sunrpc (111), syslog (514), tacacs-ds (65),
talk (517), tftp (69), time (37), who (513), and
xdmcp (177).
Parameters specific to TCP.
The value for each argument can be 0 or 1.
The TCP flags in one rule are ANDed.
Parameter specific to TCP.
Table 4-3.
Table 4-4.