HP FlexNetwork MSR Series Command Reference Manual page 823
Comware 7 security
Hide thumbs
Also See for FlexNetwork MSR Series:
- Configuration manual (392 pages) ,
- Configuration manuals (159 pages)
Advertisement
Default
No rules are configured for an IPv6 object policy.
Views
IPv6 object policy view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify an ID for the rule, the
system automatically assigns the rule an integer next to the greatest ID being used. For example, if
the greatest ID is 60000, the system automatically assigns 60001. If the greatest ID is 65534, the
system assigns the rule the smallest unused number in the range.
drop: Discards the packets that match the rule.
pass: Allows the packets that match the rule to pass.
inspect app-profile-name: Applies a DPI application profile to the packets that match the rule. The
app-profile-name argument represents the DPI profile name, a case-insensitive string of 1 to 127
characters. The string can contain only letters, digits, and underscores (_).
source-ip object-group-name: Specifies a source IPv6 address object group by its name, a
case-insensitive string of 1 to 31 characters.
source-ip any: Specifies all source IPv6 address object groups.
destination-ip object-group-name: Specifies a destination IPv6 address object group by its name, a
case-insensitive string of 1 to 31 characters.
destination-ip any: Specifies all destination IPv6 address object groups.
service object-group-name: Specifies a service object group by its name, a case-insensitive string of
1 to 31 characters.
service any: Specifies all service object groups.
vrf vrf-name: Specifies an MPLS L3VPN instance by its name, a case-sensitive string of 1 to 31
characters. If you do not specify this option, the command applies to packets of the public network.
application application-name: Specifies an application by its name, a case-insensitive string of 1 to
63 characters. The invalid and other applications are not supported.
app-group app-group-name: Specifies an application group by its name, a case-insensitive string of
1 to 63 characters. The invalid and other application groups are not supported.
counting: Enables match counting for the rule in an IPv6 object policy. By default, rule match
counting is disabled.
disable: Disables the IPv6 object policy rule.
logging: Logs the packets that match the rule.
track track-entry-number: Specifies a track entry by its ID in the range of 1 to 1024. For more
information about track entries, see High Availability Configuration Guide.
negative: Specifies the negative state. If you do not specify this keyword, the command associates
the rule with a track entry in positive state.
time-range time-range-name: Specifies the rule effective time range by its name, a case-insensitive
string of 1 to 32 characters. If you configure a rule without setting the effective time period, the
system creates the rule and prompts you to configure the time period. The rule takes effect after you
set the time period. For more information about time range configuration, see ACL and QoS
Configuration Guide.
805
Advertisement
