Configuring an IPv6 advanced ACL – H3C Technologies H3C SecPath F1000-E User Manual
Step 5. Create or edit a rule.
  Command:
    rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-addr dest-wildcard | any } | destination-port operator port1 [ port2 ] | dscp dscp | fragment | icmp-type { icmp-type [ icmp-code ] | icmp-message } | logging | precedence precedence | reflective | source { sour-addr sour-wildcard | any } | source-port operator port1 [ port2 ] | time-range time-range-name | tos tos | vpn-instance vpn-instance-name ] *
  Remarks:
    By default, an IPv4 advanced ACL does not contain any rule.
    To create or edit multiple rules, repeat this step.
    The logging keyword takes effect only when the module using the ACL supports logging.

Step 6. Configure or edit a rule description.
  Command:
    rule rule-id comment text
  Remarks:
    Optional.
    By default, an IPv4 advanced ACL rule has no rule description.

Configuring an IPv6 advanced ACL
IPv6 advanced ACLs match packets based on the source IPv6 addresses, destination IPv6 addresses,
packet priorities, protocols carried over IPv6, and other protocol header fields such as the TCP/UDP
source port number, TCP/UDP destination port number, ICMPv6 message type, and ICMPv6 message
code.
Compared to IPv6 basic ACLs, IPv6 advanced ACLs allow more flexible and accurate filtering.
To configure an IPv6 advanced ACL:

Step 1. Enter system view.
  Command:
    system-view
  Remarks:
    N/A

Step 2. Create an IPv6 advanced ACL and enter its view.
  Command:
    acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
  Remarks:
    By default, no ACL exists.
    IPv6 advanced ACLs are numbered in the range 3000 to 3999.
    You can use the acl ipv6 name acl6-name command to enter the view of a named IPv6 ACL.

Step 3. Configure a description for the IPv6 advanced ACL.
  Command:
    description text
  Remarks:
    Optional.
    By default, an IPv6 advanced ACL has no ACL description.

Step 4. Set the rule numbering step.
  Command:
    step step-value
  Remarks:
    Optional.
    5 by default.
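
The following Python audit is an added example, not part of the H3C manual: it parses ACL headers against the step 2 syntax, checks the 3000 to 3999 range, and records the description and rule numbering step from steps 3 and 4. The sample configuration, the ACL names in it and the function name audit are constructed for illustration.

```python
import re

# Step 2 syntax from the table above:
# acl ipv6 number acl6-number [ name acl6-name ] [ match-order { auto | config } ]
ACL_RE = re.compile(r"^acl ipv6 number (?P<number>\d+)"
                    r"(?: name (?P<name>\S+))?"
                    r"(?: match-order (?P<order>auto|config))?$")
ADVANCED = range(3000, 4000)  # IPv6 advanced ACLs are numbered 3000 to 3999
DEFAULT_STEP = 5              # rule numbering step when no step command is given

# Constructed sample configuration (names and values are hypothetical).
SAMPLE = """\
acl ipv6 number 3001 name edge-in match-order config
 description Inbound filter for the edge interface
 step 10
acl ipv6 number 3002
acl ipv6 number 2001 name mgmt
acl ipv6 number 3003 match-order first
"""

def audit(config):
    """Return (acls, findings); findings are (line number, message) pairs."""
    acls, findings, current = [], [], None
    for lineno, raw in enumerate(config.splitlines(), 1):
        line = raw.strip()
        if line.startswith("acl ipv6 number"):
            current = None
            m = ACL_RE.match(line)
            if m is None:
                findings.append((lineno, "header does not match the step 2 syntax"))
                continue
            current = {"line": lineno, "number": int(m["number"]), "name": m["name"],
                       "match_order": m["order"], "description": None,
                       "step": DEFAULT_STEP}
            acls.append(current)
            if current["number"] not in ADVANCED:
                findings.append((lineno, "number is outside 3000-3999"))
        elif current and line.startswith("description "):
            current["description"] = line[len("description "):]
        elif current and re.fullmatch(r"step \d+", line):
            current["step"] = int(line.split()[1])
    for acl in acls:
        if acl["description"] is None:
            findings.append((acl["line"], f"ACL {acl['number']} has no description"))
    return acls, sorted(findings)

if __name__ == "__main__":
    for lineno, message in audit(SAMPLE)[1]:
        print(f"line {lineno}: {message}")
```

The description is optional in the manual, so the missing-description finding is a review aid rather than a syntax error.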