Rule Append - H3C MSR Series Command Reference Manual
Comware 7 security
Hide thumbs
Also See for MSR Series:
- Command reference manual (174 pages) ,
- Configuration manual (80 pages) ,
- Manual (33 pages)
Table of Contents
Advertisement
time-range (ACL and QoS Command Reference)
track (High Availability Command Reference)
rule append
Use rule append to append a criterion to a rule for packet matching.
Use undo rule append to delete a criterion appended to a rule.
Syntax
rule rule-id append { application application-name | app-group app-group-name | destination-ip
object-group-name | service object-group-name | source-ip object-group-name }
undo rule rule-id append { application [ application-name ] | app-group [ app-group-name ] |
destination-ip
[ object-group-name ] }
Default
No criterion is appended to a rule for packet matching.
Views
Object policy view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a rule by its ID in the range of 0 to 65534.
application application-name: Specifies an application by its name, a case-insensitive string of 1 to
63 characters. The names invalid and other are not allowed.
app-group app-group-name: Specifies an application group by its name, a case-insensitive string of
1 to 63 characters. The names invalid and other are not allowed.
destination-ip object-group-name: Specifies a destination IPv4 or IPv6 address object group by its
name, a case-insensitive string of 1 to 31 characters. The name any is not allowed.
service object-group-name: Specifies a service object group by its name, a case-insensitive string of
1 to 31 characters. The name any is not allowed.
source-ip object-group-name: Specifies a source IPv4 or IPv6 address object group by its name, a
case-insensitive string of 1 to 31 characters. The name any is not allowed.
Usage guidelines
Make sure the rule already exists before you execute this command.
You can execute this command multiple times to append multiple criteria to a rule. These criteria can
be of the same type.
The action taken on packets matching the appended criterion is specified in the rule command.
If you do not specify a criterion when executing the undo command, the command deletes all
appended criteria of the specified type.
Examples
# Configure rule 1 to allow packets that match source IP address object groups sourceip1,
sourceip2, and sourceip3 to pass.
<Sysname> system-view
[Sysname] object-policy ip permit
[Sysname-object-policy-ip-permit] rule 1 pass source-ip sourceip1 logging
[
object-group-name
]
|
service
[
object-group-name
969
]
|
source-ip
Advertisement
Table of Contents
