Rule Comment - HP FlexNetwork MSR Series Command Reference Manual

Usage guidelines
If the specified rule ID does not exist, this command creates a rule. Otherwise, this command
changes the configuration of the specified rule.
If you do not configure any object groups in a rule, the rule applies to all packets.
If you do not specify any options in the undo rule command, the command deletes the entire rule.
Otherwise, the command deletes only the specified part of the rule statement.
You cannot delete a nonexistent rule. You can use the display object-policy ipv6 command to
display rules in an IPv6 object policy.
To use applications or application groups in an object policy, use only PBAR-classified applications.
NBAR-classified applications cannot match any packets. For more information about PBAR and
NBAR, see Security Configuration Guide.
Examples
# Configure a rule to allow packets that match source IPv6 address object group sourceip1 to pass
through during time range time1.
<Sysname> system-view
[Sysname] object-policy ipv6 permit
[Sysname-object-policy-ipv6-permit] rule pass source-ip sourceip1 logging time-range
time1
# Configure a rule to apply DPI application profile profile1 to packets that match source IPv4
address object group sourceip1.
<Sysname> system-view
[Sysname] object-policy ipv6 dpiproc
[Sysname-object-policy-ipv6-dpiproc] rule inspect profile1 source-ip sourceip1 logging
# Configure a rule to permit packets that match application aaa.
<Sysname> system-view
[Sysname] object-policy ipv6 dpiproc
[Sysname-object-policy-ipv6-dpiproc] rule pass application aaa
Related commands
app-profile (DPI Command Reference)
display object-policy ipv6
move rule
object-policy ipv6
time-range (ACL and QoS Command Reference)
track (High Availability Command Reference)

rule comment

Use rule comment to configure a description for a rule.
Use undo rule comment to delete the description for a rule.
Syntax
rule rule-id comment text
undo rule rule-id comment
Default
No description is configured for a rule.
806