H3C S6812 Series Command Reference Manual page 1540

rule (IPv6 advanced ACL view)
Use rule to create or edit an IPv6 advanced ACL rule.
Use undo rule to delete an entire IPv6 advanced ACL rule or some attributes in the rule.
Syntax
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst
rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address
dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp |
flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } |
logging | routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address
source-prefix | source-address/source-prefix | any } | source-port operator port1 [ port2 ] |
time-range time-range-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination |
destination-port | dscp | flow-label | fragment | icmp6-type | logging | routing | hop-by-hop |
source | source-port | time-range ] *
undo rule { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value
| syn syn-value | urg urg-value } * | established } | counting | destination { dest-address dest-prefix
| dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label
flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging |
routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address source-prefix
| source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range
time-range-name ] *
Default
No IPv6 advanced ACL rules exist.
Views
IPv6 advanced ACL view
Predefined user roles
network-admin
Parameters
rule-id: Specifies a rule ID in the range of 0 to 65534. If you do not specify a rule ID when creating an
ACL rule, the system automatically assigns it a rule ID. This rule ID is the nearest higher multiple of
the numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering
step is 5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
protocol: Specifies one of the following values:
•
A protocol number in the range of 0 to 255.
•
A protocol name: gre (47), icmpv6 (58), ipv6, ipv6-ah (51), ipv6-esp (50), ospf (89), tcp (6),
or udp (17). The ipv6 keyword specifies all protocols.
Table 11 describes the parameters that you can specify regardless of the value for the protocol
argument.
Table 11 Match criteria and other rule information for IPv6 advanced ACL rules
Parameters
source
{ source-address
source-prefix |
Function
Specifies a source IPv6
address.
Description
The source-address argument specifies an IPv6 source
address.
The source-prefix argument specifies a prefix length in
25