Configuring packet filtering with ACLs

This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets on the specified interface.

Applying an ACL to an interface for packet filtering

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Enter Ethernet interface view or VLAN-interface view.
  Command: interface interface-type interface-number
  Remarks: N/A

Step 3. Apply an ACL to the interface to filter packets.
  Command: packet-filter [ ipv6 ] { acl-number | name acl-name } { inbound | outbound } [ hardware-count ]
  Remarks: By default, an interface does not filter packets. You can apply up to one ACL to the same direction of an interface.

Setting the interval for generating and outputting packet filtering logs

After you set the interval, the device periodically generates and outputs the packet filtering logs, including the number of matching packets and the matched ACL rules.

To set the interval for generating and outputting packet filtering logs:

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Set the interval for generating and outputting packet filtering logs.
  Command: acl [ ipv6 ] logging interval interval
  Remarks: The default setting is 0 minutes, which means that no packet filtering logs are generated.

Setting the packet filtering default action

Step 1. Enter system view.
  Command: system-view
  Remarks: N/A

Step 2. Set the packet filtering default action to deny.
  Command: packet-filter default deny
  Remarks: By default, the packet filter permits packets that do not match any ACL rule to pass.

Displaying and maintaining ACLs

Execute display commands in any view and reset commands in user view.
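The three defaults noted in the procedures above (interfaces do not filter, the logging interval is 0, unmatched packets are permitted) are easy to leave in place. The following Python check is an added example, not part of the original guide: it reads configuration text and reports which of those defaults are still in effect. The configuration layout ("#" separators, indented sub-commands) and the sample itself (interface names, ACLs 3000 and 3001, the name V6-EDGE) are constructed assumptions.

```python
import re

# Constructed sample in the style of a saved configuration; the layout
# ("#" separators, indented interface sub-commands) is an assumption.
SAMPLE_CONFIG = """\
#
 acl logging interval 0
#
interface GigabitEthernet1/0/1
 packet-filter 3000 inbound
#
interface GigabitEthernet1/0/2
 description uplink
#
interface Vlan-interface10
 packet-filter ipv6 name V6-EDGE inbound hardware-count
 packet-filter 3001 outbound
#
"""

# packet-filter [ ipv6 ] { acl-number | name acl-name } { inbound | outbound }
FILTER_RE = re.compile(
    r"^packet-filter\s+(ipv6\s+)?(?:name\s+)?(\S+)\s+(inbound|outbound)\b")
INTERVAL_RE = re.compile(r"^acl\s+(?:ipv6\s+)?logging\s+interval\s+(\d+)$")

def audit(config_text):
    """Report which packet-filtering defaults from this section remain."""
    default_deny = False
    log_interval = 0      # documented default: 0 minutes, no logs generated
    applied = {}          # interface -> set of (address family, direction)
    current = None        # interface view we are inside, if any
    for raw in config_text.splitlines():
        line = raw.strip()
        if not line or line == "#":
            current = None
        elif line.startswith("interface "):
            current = line.split(None, 1)[1]
            applied[current] = set()
        elif line == "packet-filter default deny":
            default_deny = True
        elif (m := INTERVAL_RE.match(line)):
            log_interval = max(log_interval, int(m.group(1)))
        elif current and (m := FILTER_RE.match(line)):
            applied[current].add(("ipv6" if m.group(1) else "ipv4", m.group(3)))
    return {"default_deny": default_deny, "logging_enabled": log_interval > 0,
            "unfiltered": sorted(i for i, f in applied.items() if not f),
            "applied": applied}
```

On the constructed sample, audit(SAMPLE_CONFIG) reports that the default action is still permit, logging is off, and GigabitEthernet1/0/2 has no ACL applied in either direction.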