HPE FlexNetwork HSR6800 series Command Reference Manual page 25

Comware 7 acl and qos

Syntax
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst
rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { object-group
address-group-name | dest-address dest-wildcard | any } | destination-port { object-group
port-group-name | operator port1 [ port2 ] } | { dscp dscp | { precedence precedence | tos tos } * } |
fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | source { object-group
address-group-name | source-address source-wildcard | any } | source-port { object-group
port-group-name | operator port1 [ port2 ] } | time-range time-range-name | vpn-instance
vpn-instance-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination |
destination-port | { dscp | { precedence | tos } * } | fragment | icmp-type | logging | source |
source-port | time-range | vpn-instance ] *
undo rule { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value
| syn syn-value | urg urg-value } * | established } | counting | destination { object-group
address-group-name | dest-address dest-wildcard | any } | destination-port { object-group
port-group-name | operator port1 [ port2 ] } | { dscp dscp | { precedence precedence | tos tos } * } |
fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | source { object-group
address-group-name | source-address source-wildcard | any } | source-port { object-group
port-group-name | operator port1 [ port2 ] } | time-range time-range-name | vpn-instance
vpn-instance-name ] *
Default
No IPv4 advanced ACL rules exist.
Views
IPv4 advanced ACL view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an
ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of
the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering
step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
protocol: Specifies one of the following values:
- A protocol number in the range of 0 to 255.
- A protocol by its name: gre (47), icmp (1), igmp (2), ip, ipinip (4), ospf (89), tcp (6), or udp (17).
  The ip keyword specifies all protocols.
Table 7 describes the parameters that you can specify regardless of the value for the protocol argument.
Table 7 Match criteria and other rule information for IPv4 advanced ACL rules
Parameters: source { object-group address-group-name | source-address source-wildcard | any }
Function: Specifies a source address.
Description:
The address-group-name argument specifies an object group of source IP addresses.
The source-address source-wildcard arguments specify a source IP address and a wildcard mask in
dotted decimal notation. An all-zero wildcard represents a host address.
The any keyword specifies any source IP address.
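
Added example, not part of the HPE manual: a small Python model of the automatic rule-id numbering described under rule-id and of how a source-address source-wildcard pair selects addresses, useful when reviewing how broad a rule really is. All function names are hypothetical. It assumes the usual wildcard semantics (a 1 bit is ignored, a 0 bit must match), and the subnet-mask check is an added review aid, not a device feature.

```python
import ipaddress

MAX_RULE_ID = 65534  # upper bound of the rule-id range in the manual


def _u32(dotted):
    return int(ipaddress.IPv4Address(dotted))


def next_rule_id(existing_ids, step):
    """ID the system would auto-assign: next multiple of step above the highest ID."""
    if step < 1:
        raise ValueError("numbering step must be positive")
    if not existing_ids:
        return 0  # numbering starts from 0
    candidate = (max(existing_ids) // step + 1) * step
    if candidate > MAX_RULE_ID:
        # The page does not say what the device does here; this example refuses.
        raise ValueError("no automatic rule ID left in the 0-65534 range")
    return candidate


def wildcard_matches(packet_ip, rule_address, wildcard):
    """Compare only the bits whose wildcard bit is 0; 1 bits are ignored."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(packet_ip) & care) == (_u32(rule_address) & care)


def covered_addresses(wildcard):
    """Number of addresses a wildcard admits: 2 to the power of its 1 bits."""
    return 2 ** bin(_u32(wildcard)).count("1")


def looks_like_netmask(wildcard):
    """Flag a subnet mask typed where a wildcard belongs (e.g. 255.255.255.0)."""
    w = _u32(wildcard)
    inv = ~w & 0xFFFFFFFF
    return w not in (0, 0xFFFFFFFF) and (inv & (inv + 1)) == 0


if __name__ == "__main__":
    # Constructed sample values, not taken from a real configuration.
    print(next_rule_id([0, 5, 28], step=5))
    print(wildcard_matches("10.1.1.7", "10.1.1.7", "0.0.0.0"))
    for wc in ("0.0.0.255", "255.255.255.0"):
        print(wc, covered_addresses(wc), looks_like_netmask(wc))
```

A subnet mask entered as the wildcard is accepted as valid dotted decimal but covers 2^24 scattered addresses instead of one /24, which is why the last check is worth running over exported rules.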
