Configuring ACL-Based Packet Filtering in an Interzone - Huawei AR1200-S Configuration Manual

Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security

3.4.2 Configuring ACL-based Packet Filtering in an Interzone

The packet filtering firewall filters packets through ACLs.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
acl [ number ] acl-number [ match-order { config | auto }]
An ACL is created and the ACL view is displayed.
Step 3 Run:
rule
An ACL rule is configured.
Step 4 Run:
quit
Return to the system view.
Step 5 Run:
firewall interzone zone-name1 zone-name2
The interzone view is displayed.
Step 6 Run:
packet-filter acl-number { inbound | outbound }
ACL-based packet filtering is configured.
ACL-based packet filtering can be configured in the interzone for incoming packets or for outgoing packets.
Step 7 (Optional) Run:
packet-filter default { deny | permit } { inbound | outbound }
The default processing mode for unmatched packets is configured.
By default, unmatched outbound packets are permitted and unmatched inbound packets are denied.
If an ACL is applied to the inbound or outbound packets of an interzone, the packets are filtered
according to the ACL rules. Packets that do not match the ACL are handled according to the
default processing mode.
NOTE
During the modification of interzone filtering rules, some sessions may not be filtered properly according
to the rules. Therefore, after the modification is complete, use the reset firewall session all command to
delete all existing firewall session entries.
----End
Issue 02 (2012-03-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 Firewall Configuration
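The procedure above as a single session, added here as an example and not taken from the Huawei manual. ACL number 3001, the zone names trust and untrust, and the server address 192.0.2.10 are assumptions, as is the premise that both zones already exist and that inbound covers untrust-to-trust traffic; lines starting with # are annotations, not commands.

```text
# Constructed example. Assumed values: ACL 3001, zones "trust" and "untrust"
# (already created), server 192.0.2.10 (documentation address range).
# Assumption: "inbound" in this interzone is traffic from untrust to trust.

# Steps 1-4: create the ACL, add one rule, return to the system view
system-view
acl number 3001
rule 5 permit tcp source any destination 192.0.2.10 0 destination-port eq 443
quit

# Steps 5-6: enter the interzone view and apply the ACL to inbound packets
firewall interzone trust untrust
packet-filter 3001 inbound

# Step 7: state the inbound default explicitly, so that packets that
# match no rule in ACL 3001 are denied even if the default was changed earlier
packet-filter default deny inbound
quit

# Per the NOTE: clear existing session entries so that sessions set up
# before the change are re-evaluated against the new rules
return
reset firewall session all
```

Unmatched outbound packets are still permitted by default in this session; restricting them needs a separate ACL applied with packet-filter acl-number outbound before the outbound default is changed to deny.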
