H3C IE4300 Command Reference Manual page 1700

[Sysname] acl ipv6 advanced 3001
[Sysname-acl-ipv6-adv-3001] rule deny icmpv6 destination fe80:5060:1001:: 48
[Sysname-acl-ipv6-adv-3001] rule permit ipv6
# Create IPv6 advanced ACL rules to permit inbound and outbound FTP packets.
<Sysname> system-view
[Sysname] acl ipv6 advanced 3002
[Sysname-acl-ipv6-adv-3002] rule permit tcp source-port eq ftp
[Sysname-acl-ipv6-adv-3002] rule permit tcp source-port eq ftp-data
[Sysname-acl-ipv6-adv-3002] rule permit tcp destination-port eq ftp
[Sysname-acl-ipv6-adv-3002] rule permit tcp destination-port eq ftp-data
# Create IPv6 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.
<Sysname> system-view
[Sysname] acl ipv6 advanced 3003
[Sysname-acl-ipv6-adv-3003] rule permit udp source-port eq snmp
[Sysname-acl-ipv6-adv-3003] rule permit udp source-port eq snmptrap
[Sysname-acl-ipv6-adv-3003] rule permit udp destination-port eq snmp
[Sysname-acl-ipv6-adv-3003] rule permit udp destination-port eq snmptrap
# Create IPv6 advanced ACL 3004, and configure two rules: one permits packets with the
Hop-by-Hop Options header type as 5, and the other one denies packets with other Hop-by-Hop
Options header types.
<Sysname> system-view
[Sysname] acl ipv6 advanced 3004
[Sysname-acl-ipv6-adv-3004] rule permit ipv6 hop-by-hop type 5
[Sysname-acl-ipv6-adv-3004] rule deny ipv6 hop-by-hop
Related commands
acl
acl logging interval
display acl
step
time-range
rule (IPv6 basic ACL view)
Use to create or edit an IPv6 basic ACL rule.
rule
Use
undo rule
Syntax
rule [ rule-id ] { deny | permit } [ counting | fragment | logging | routing
[ type routing-type ]
source-address
vpn-instance vpn-instance-name ] *
undo rule rule-id [ counting | fragment | logging | routing | source |
time-range | vpn-instance ] *
undo rule { deny | permit } [ counting | fragment | logging | routing [ type
routing-type
source-address
vpn-instance vpn-instance-name ] *
to delete an entire IPv6 basic ACL rule or some attributes in the rule.
| source { source-address source-prefix |
/
source-prefix | any } | time-range time-range-name |
] | source
/
source-prefix | any } | time-range time-range-name |
{ source-address
31
source-prefix |