HP 6125XLG Command Reference Manual page 32

Parameters Function
vpn-instance Applies the rule to packets
vpn-instance-name in a VPN instance.
If the protocol argument is tcp (6) or udp (17), set the parameters shown in
Table 13 TCP/UDP-specific parameters for IPv6 advanced ACL rules
Parameters Function
source-port Specifies one or more
operator port1 UDP or TCP source
[ port2 ] ports.
destination-port Specifies one or more
operator port1 UDP or TCP
[ port2 ] destination ports.
{ ack ack-value
| fin fin-value |
Specifies one or more
psh psh-value |
TCP flags, including
rst rst-value |
ACK, FIN, PSH, RST,
syn syn-value |
SYN, and URG.
urg urg-value }
*
Specifies the flags for
indicating the
established
established status of a
TCP connection.
If the protocol argument is icmpv6 (58), set the parameters shown in
Table 14 ICMPv6-specific parameters for IPv6 advanced ACL rules
Parameters
icmp6-type { icmp6-type
icmp6-code |
icmp6-message }
Description
The operator argument can be lt (lower than), gt (greater than), eq
(equal to), neq (not equal to), or range (inclusive range).
The port1 and port2 arguments are TCP or UDP port numbers in the
range of 0 to 65535. port2 is needed only when the operator
argument is range.
TCP port numbers can be represented as: chargen (19), bgp (179),
cmd (514), daytime (13), discard (9), domain (53), echo (7), exec
(512), finger (79), ftp (21), ftp-data (20), gopher (70), hostname
(101), irc (194), klogin (543), kshell (544), login (513), lpd (515),
nntp (119), pop2 (109), pop3 (110), smtp (25), sunrpc (111),
tacacs (49), talk (517), telnet (23), time (37), uucp (540), whois
(43), and www (80).
UDP port numbers can be represented as: biff (512), bootpc (68),
bootps (67), discard (9), dns (53), dnsix (90), echo (7), mobilip-ag
(434), mobilip-mn (435), nameserver (42), netbios-dgm (138),
netbios-ns (137), netbios-ssn (139), ntp (123), rip (520), snmp
(161), snmptrap (162), sunrpc (111), syslog (514), tacacs-ds (65),
talk (517), tftp (69), time (37), who (513), and xdmcp (177).
Parameters specific to TCP.
The value for each argument can be 0 (flag bit not set) or 1 (flag bit
set).
The TCP flags in a rule are ANDed. For example, a rule configured
with ack 0 psh 1 matches packets that have the ACK flag bit not set
and the PSH flag bit set.
Parameter specific to TCP.
The rule matches TCP connection packets with the ACK or RST flag
bit set.
Function
Specifies the ICMPv6
message type and
code.
27
Description
The vpn-instance-name argument is a case-sensitive string
of 1 to 31 characters.
If no VPN instance is specified, the rule applies only to
non-VPN packets.
Table
Description
The icmp6-type argument is in the range of 0 to 255.
The icmp6-code argument is in the range of 0 to 255.
The icmp6-message argument specifies a message name.
Supported ICMP message names and their corresponding
type and code values are listed in
Table 13.
14.
Table 15.