# Create advanced ACL 3002.
[Router] acl number 3002
# Configure a rule to allow a specific external user to access internal servers.
[Router-acl-adv-3002] rule permit tcp source 20.3.3.3 0 destination 129.1.1.0 0.0.0.255
# Configure a rule to permit specific data (only packets whose destination port number is greater than 1024) to access the internal network.
[Router-acl-adv-3002] rule permit tcp destination 20.1.1.1 0 destination-port gt 1024
[Router-acl-adv-3002] rule deny ip
[Router-acl-adv-3002] quit
# Apply ACL 3001 to packets that come in through GigabitEthernet 1/0/1.
[Router] interface gigabitethernet 1/0/1
[Router-GigabitEthernet1/0/1] firewall packet-filter 3001 inbound
[Router-GigabitEthernet1/0/1] quit
# Apply ACL 3002 to packets that come in through Serial 2/1/1.
[Router] interface serial 2/1/1
[Router-Serial2/1/1] firewall packet-filter 3002 inbound
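
The following added example (not part of the original manual) models how the three rules of ACL 3002 above classify packets, so the effect of the wildcard masks and of "gt 1024" can be checked before the ACL is applied. It assumes rules are evaluated in configuration order with the first match deciding; the function names and sample packets are constructed for illustration.

```python
# Added example: a model of ACL 3002 from the configuration above.
# Assumption: rules are checked in configuration order, first match wins.
import ipaddress

def ip(s):
    return int(ipaddress.IPv4Address(s))

def wild_match(addr, base, wildcard):
    """Wildcard mask semantics: a 0 bit must match, a 1 bit is ignored."""
    care = ~ip(wildcard) & 0xFFFFFFFF
    return (ip(addr) & care) == (ip(base) & care)

# (action, protocol, source, destination, destination-port test)
# None means "any". Addresses are (base, wildcard); the CLI wildcard "0"
# (a single host) is written here as 0.0.0.0.
ACL_3002 = [
    ("permit", "tcp", ("20.3.3.3", "0.0.0.0"), ("129.1.1.0", "0.0.0.255"), None),
    ("permit", "tcp", None, ("20.1.1.1", "0.0.0.0"), lambda port: port > 1024),
    ("deny", "ip", None, None, None),
]

def evaluate(acl, proto, src, dst, dport=None):
    """Return (action, index of the matching rule) for one packet."""
    for index, (action, r_proto, r_src, r_dst, r_port) in enumerate(acl):
        if r_proto != "ip" and r_proto != proto:
            continue  # "ip" matches every IP protocol
        if r_src and not wild_match(src, *r_src):
            continue
        if r_dst and not wild_match(dst, *r_dst):
            continue
        if r_port and (dport is None or not r_port(dport)):
            continue
        return action, index
    return "no-match", None

# Constructed sample packets: (protocol, source, destination, destination port)
SAMPLES = [
    ("tcp", "20.3.3.3", "129.1.1.4", 21),       # the permitted external user
    ("tcp", "20.3.3.4", "129.1.1.4", 21),       # neighbouring host, not permitted
    ("tcp", "198.51.100.7", "20.1.1.1", 1025),  # any source, port above 1024
    ("tcp", "198.51.100.7", "20.1.1.1", 1024),  # "gt" excludes 1024 itself
    ("udp", "20.3.3.3", "129.1.1.4", 53),       # permit rules are TCP only
]

if __name__ == "__main__":
    for pkt in SAMPLES:
        print(pkt, "->", evaluate(ACL_3002, *pkt))
```

Note that the second rule has no source restriction, so it permits TCP from any address to 20.1.1.1 on ports above 1024.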

Configuring an ASPF

Configuration task list

Task                                      Remarks
Enabling the firewall function            Required
Configuring an ASPF policy                Required
Applying an ASPF policy to an interface   Required
Configuring port mapping                  Optional

Enabling the firewall function

To do...                                                        Command...                                   Remarks
1. Enter system view.                                           system-view                                  —
2. Enable the IPv4 firewall function on a centralized router.   firewall enable                              Required. Disabled by default.
3. Enable the IPv4 firewall function on a distributed router.   firewall enable { all | slot slot-number }   Required. Disabled by default.