HPE FlexNetwork HSR6800 series Command Reference Manual page 28

ICMP message name
host-unreachable
information-reply
information-request
net-redirect
net-tos-redirect
net-unreachable
parameter-problem
port-unreachable
protocol-unreachable
reassembly-timeout
source-quench
source-route-failed
timestamp-reply
timestamp-request
ttl-exceeded
Usage guidelines
Within an ACL, the permit or deny statement of each rule must be unique. If the rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, the rule will not be
created or changed.
The object group you specify when creating or editing a rule must already exist. Otherwise, the rule
will not be created or changed.
You can edit ACL rules only when the match order is config.
To view the existing IPv4 basic and advanced ACL rules, use the display acl all command.
The undo rule rule-id command without any optional parameters deletes an entire rule. If you
specify optional parameters, the undo rule rule-id command deletes the specified attributes for the
rule.
The undo rule [ rule-id ] { deny | permit } command can only be used to delete an entire rule. You
must specify all the attributes of the rule for the command.
Examples
# Create an IPv4 advanced ACL rule to permit TCP packets with the destination port 80 from
129.9.0.0/16 to 202.38.160.0/24.
<Sysname> system-view
[Sysname] acl advanced 3000
[Sysname-acl-ipv4-adv-3000] rule permit tcp source 129.9.0.0 0.0.255.255 destination
202.38.160.0 0.0.0.255 destination-port eq 80
# Create IPv4 advanced ACL rules to permit all IP packets but the ICMP packets destined for
192.168.1.0/24.
<Sysname> system-view
[Sysname] acl advanced 3001
[Sysname-acl-ipv4-adv-3001] rule deny icmp destination 192.168.1.0 0.0.0.255
[Sysname-acl-ipv4-adv-3001] rule permit ip
ICMP message type
3
16
15
5
5
3
12
3
3
11
4
3
14
13
11
23
ICMP message code
1
0
0
0
2
0
0
3
2
1
0
5
0
0
0