beautypg.com

Configuring an ethernet frame header acl rule – H3C Technologies H3C SecPath F1000-E User Manual

Page 19

background image

9

Item Description

Source IP Address

Select the Source IP Address box and enter a source IP address and source

wildcard, in dotted decimal notation.

Source Wildcard

Destination IP Address

Select the Destination IP Address box and enter a destination IP address and
destination wildcard, in dotted decimal notation.

Destination Wildcard

VPN Instance

Specify the VPN.
If you select None, the rule applies to only non-VPN packets.

Protocol

Select the protocol to be carried over by IP.
If you select 1 ICMP, you can configure the ICMP message type and code. If you
select 6 TCP or 17 UDP, you can configure the TCP or UDP specific items.

ICMP Message

Specify the ICMP message type and code.
These items are available only when you select 1 ICMP from the Protocol list.
If you select Others from the ICMP Message list, you need to enter values in the
ICMP Type and ICMP Code fields. Otherwise, the two fields will take the default

values, which cannot be changed.

ICMP Type

ICMP Code

TCP Connection Established

If you select this box, the rule matches packets used for establishing and
maintaining TCP connections.
This item is available only when you select 6 TCP from the Protocol list.
On a firewall, a rule with this item configured matches TCP connection packets

with the ACK or RST flag.

Source

Operator

Select the operators and enter the source port numbers and destination port
numbers as required.
These items are available only when you select 6 TCP or 17 UDP from the
Protocol list.
Different operators have different configuration requirements for the port
number fields:

None—The following port number fields cannot be configured.

inclusive range—The following port number fields must be configured to

define a port range.

Other values—The first port number field must be configured and the second

must not.

Port

Destination

Operator

Port

ToS

Specify the ToS preference.

IMPORTANT:

If you configure the IP precedence or

ToS precedence in addition to the DSCP
priority, the DSCP priority takes effect.

Precedence

Specify the IP precedence.

DSCP

Specify the DSCP priority.

Configuring an Ethernet frame header ACL rule

Select Firewall > ACL from the navigation tree. Then, select the Ethernet frame header ACL for which you
want to configure ACL rules from the ACL list in the right pane and click the corresponding

icon in the

Operation column to list all existing rules of the ACL, as shown in

Figure 7

. Click Add to enter the

configuration page for Ethernet frame header ACL rules, as shown in

Figure 8

.

This manual is related to the following products:
See also other documents in the category H3C Technologies Safety: