Table of Contents
Advertisement
# Create IPv6 advanced ACL rules to permit all IPv6 packets but the ICMPv6 packets destined for
FE80:5060:1001::/48.
<Sysname> system-view
[Sysname] acl ipv6 advanced 3001
[Sysname-acl-ipv6-adv-3001] rule deny icmpv6 destination fe80:5060:1001:: 48
[Sysname-acl-ipv6-adv-3001] rule permit ipv6
# Create IPv6 advanced ACL rules to permit inbound and outbound FTP packets.
<Sysname> system-view
[Sysname] acl ipv6 advanced 3002
[Sysname-acl-ipv6-adv-3002] rule permit tcp source-port eq ftp
[Sysname-acl-ipv6-adv-3002] rule permit tcp source-port eq ftp-data
[Sysname-acl-ipv6-adv-3002] rule permit tcp destination-port eq ftp
[Sysname-acl-ipv6-adv-3002] rule permit tcp destination-port eq ftp-data
# Create IPv6 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.
<Sysname> system-view
[Sysname] acl ipv6 advanced 3003
[Sysname-acl-ipv6-adv-3003] rule permit udp source-port eq snmp
[Sysname-acl-ipv6-adv-3003] rule permit udp source-port eq snmptrap
[Sysname-acl-ipv6-adv-3003] rule permit udp destination-port eq snmp
[Sysname-acl-ipv6-adv-3003] rule permit udp destination-port eq snmptrap
# Create IPv6 advanced ACL 3004, and configure two rules: one permits packets with the
Hop-by-Hop Options header type as 5, and the other one denies packets with other Hop-by-Hop
Options header types.
<Sysname> system-view
[Sysname] acl ipv6 advanced 3004
[Sysname-acl-ipv6-adv-3004] rule permit ipv6 hop-by-hop type 5
[Sysname-acl-ipv6-adv-3004] rule deny ipv6 hop-by-hop
Related commands
acl
display acl
packet-filter
packet-filter global
step
time-range
rule (IPv6 basic ACL view)
Use
to create or edit an IPv6 basic ACL rule.
rule
Use
undo rule
Syntax
rule [ rule-id ] { deny | permit } [ counting | fragment | routing [ type
routing-type
source-address
vpn-instance vpn-instance-name ] *
undo rule rule-id [ counting | fragment | routing | source | time-range |
vpn-instance ] *
(interface view) (Security Command Reference)
(Security Command Reference)
to delete an entire IPv6 basic ACL rule or some attributes in the rule.
]
|
source
/
source-prefix | any } | time-range time-range-name |
{
source-address
18
source-prefix
|
Advertisement
Chapters
Table of Contents
