H3C MSR 20-20 Command Reference Manual page 2095

Table 546 Parameters for advanced IPv4 ACL rules
Parameter Function
reflective Specifies the rule to
be reflective.
vpn-instance Specifies a VPN
vpn-instance-name instance.
fragment Indicates that the rule
applies only to
non-first fragments.
time-range Specifies the time
time-name range in which the
rule can take effect.
If the protocol argument is set to tcp or udp, you may define the parameters in
the following table.
Table 547 TCP/UDP-specific parameters for advanced IPv4 ACL rules
Parameter Function
source-port Defines a UDP or TCP
operator port1 source port against
[ port2 ] which UDP or TCP
packets are matched.
destination-port Defines a UDP or TCP
operator port1 destination port
[ port2 ] against which UDP or
TCP packets are
matched.
established Defines the rule for
TCP connection
packets.
If the protocol argument is set to icmp, you may define the parameters in the
following table.
Description
A rule with the reflective keyword can be
defined only for TCP, UDP, or ICMP packets
and its statement can only be permit.
The vpn-instance-name argument is a
case-sensitive string of 1 to 31 characters.
With this keyword not provided, the rule is
effective to both non-fragments and
fragments.
The time-name argument comprises 1 to 32
characters. It is case insensitive and must start
with an English letter. To avoid confusion, this
name cannot be all.
Description
The operator argument can be lt (lower than),
gt (greater than), eq (equal to), neq (not equal
to), and range (inclusive range).
port1, port2: TCP or UDP port number,
represented by a number in the range 0 to
65535. TCP port number can be represented
in words as follows:
chargen (19), bgp (179), cmd (514), daytime
(13), discard (9), domain (53), echo (7), exec
(512), finger (79), ftp (21), ftp-data (20),
gopher (70), hostname (101), irc (194),
klogin (543), kshell (544), login (513), lpd
(515), nntp (119), pop2 (109), pop3 (110),
smtp (25), sunrpc (111), tacacs (49), talk
(517), telnet (23), time (37), uucp (540),
whois (43), or www (80).
UDP port number can be represented in words
as follows: biff (512), bootpc (68), bootps
(67), discard (9), dns (53), dnsix (90), echo
(7), mobilip-ag (434), mobilip-mn (435),
nameserver (42), netbios-dgm (138),
netbios-ns (137), netbios-ssn (139), ntp
(123), rip (520), snmp (161), snmptrap (162),
sunrpc (111), syslog (514), tacacs-ds (65),
talk (517), tftp (69), time (37), who (513),
xdmcp (177).
A keyword specific to TCP.
On a router, With this keyword, the rule
matches the TCP connection packets with the
ACK or RST flag.
2095