Enabling The Built-In Firewall; Configuring An Acl And Applying It Directly To An Interface - HP ProCurve Secure Router 7203 dl Advanced Management And Configuration Manual

Applying Access Control to Router Interfaces
Quick Start
N o t e
N o t e
5-58
If you are not familiar with ACLs and ACPs, ProCurve Networking strongly
recommends that you read the entire chapter before you begin configuring
and applying access controls to the interfaces on your ProCurve Secure
Router. If you do not thoroughly understand how ACLs and ACPs work, you
could inadvertently allow traffic that should be blocked or, conversely, block
traffic that should be allowed.

Enabling the Built-in Firewall

Before you begin configuring access control on router interfaces, you should
enable the ProCurve Secure Route OS firewall. From the global configuration
mode context, enter:
ProCurve(config)# ip firewall
If you are using ACLs only, you do not have to enable the Secure Router OS
firewall. If you are using ACPs, you must enable the firewall.

Configuring an ACL and Applying It Directly to an Interface

This section explains how to use ACLs by themselves to enforce access
control on particular interfaces. If you use ACLs in this way, you can apply
two ACLs to each interface: one ACL to control incoming traffic and one ACL
to control outgoing traffic.
If you apply ACLs directly to router interfaces, the ProCurve Secure Router
uses the ACL to both select the traffic and to perform the action on that traffic.
If you have experience configuring access control on Cisco routers, you will
find that this process is similar to that used on the Cisco router.
An ACL contains two parts:
action
packet pattern
You can define one of two actions: permit or deny. The packet pattern you
specify depends on the type of ACL you create: a standard ACL or an extended
ACL. A standard ACL allows you to match traffic based on source IP address.
An extended ACL allows you to match traffic based on:
source address and destination address
other fields in the IP header