Rule (In Basic Ipv4 Acl View) - 3Com S7906E Command Reference Manual

rule (in basic IPv4 ACL view)

Syntax
rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } |
time-range time-range-name | vpn-instance vpn-instance-name ] *
undo rule rule-id [ fragment | logging | source | time-range | vpn-instance ] *
View
Basic IPv4 ACL view
Default Level
2: System level
Parameters
rule-id: Basic IPv4 ACL rule number in the range 0 to 65534.
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.
fragment: Specifies that the rule applies to only IP fragments. Note that a rule defined with the
fragment keyword matches non-last IP fragments on an SA Series LPUs (line processing units) (for
example, LSQ1FP48SA) or EA Series LPUs (for example, LSQ1GP12EA) while matching non-first IP
fragments on an SC Series LPUs (for example, LSQ1GP24SC). For detailed information about types of
LPUs, refer to the installation manual.
logging: Specifies to log matched packets.
source { sour-addr sour-wildcard | any }: Specifies a source address. The sour-addr sour-wildcard
argument specifies a source IP address in dotted decimal notation. Setting the wildcard to a zero
indicates a host address. The any keyword indicates any source IP address.
time-range time-range-name: Specifies the time range in which the rule takes effect. The
time-range-name argument specifies a time range name with 1 to 32 characters. It is case insensitive
and must start with an English letter. To avoid confusion, this name cannot be all.
vpn-instance vpn-instance-name: Specifies a VPN instance. The vpn-instance-name argument is a
case-sensitive string of 1 to 31 characters. Without this combination, the rule applies to only non-VPN
packets.
Description
Use the rule command to create a basic IPv4 ACL rule or modify the rule if it has existed.
Use the undo rule command to remove a basic IPv4 ACL rule or parameters from the rule.
With the undo rule command, if no parameters are specified, the entire ACL rule is removed; if other
parameters are specified, only the involved information is removed.
Note that:
You will fail to create or modify a rule if its permit/deny statement is exactly the same as another
rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL
rules.
When defining ACL rules, you need not assign them IDs. The system can automatically assign rule
IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is greater
1-11