Configuring a packet-filter firewall, Packet-filter firewall configuration task list, Enabling the ipv6 firewall function – H3C Technologies H3C SecPath F1000-E User Manual
Page 125: Configuring ipv6 packet filtering on an interface
2
Configuring a packet-filter firewall
Packet-filter firewall configuration task list
Complete the following tasks to configure a packet-filter firewall:
Task
Remarks
Enabling the IPv6 firewall function
Required
Configuring the default filtering action of the IPv6 firewall
Optional
Configuring IPv6 packet filtering on an interface
Required
Enabling the IPv6 firewall function
Following these steps to enable the IPv6 firewall function:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Enable the IPv6 firewall function
firewall ipv6 enable
Required
Disabled by default
Configuring the default filtering action of the IPv6 firewall
The default filtering action configuration is used for the firewall to determine whether to permit a data
packet to pass or deny the packet when there is no appropriate criterion for judgment.
Follow these steps to configure the default filtering action of the IPv6 firewall:
To do…
Use the command…
Remarks
Enter system view
system-view
—
Specify the default filtering action
of the firewall
firewall ipv6 default { deny |
permit }
Optional
permit (permit packets to pass the
firewall) by default
Configuring IPv6 packet filtering on an interface
When an ACL is applied to an interface, the time range-based filtering will also work at the same time.
In addition, you can specify separate access rules for inbound and outbound packets.
The effective range for basic ACL numbers is 2000 to 2999. A basic ACL defines rules based on the
Layer 3 source IP addresses only to analyze and process data packets.
The effective range for advanced ACL numbers is 3000 to 3999. An advanced ACL defines rules
according to the source and destination IP addresses of packets, the type of protocol over IP, TCP/UDP
source and destination ports, and so on.
IPv6 packet filtering is a basic firewall function of an IPv6-based ACL. You can configure IPv6 packet
filtering in the inbound or outbound direction of an interface so that the interface filters packets that
match the IPv6 ACL rules.