Configuring an advance acl rule, Table 4 – H3C Technologies H3C SecPath F1000-E User Manual
Table 4 Basic ACL rule configuration items
Item Description
Rule ID
Select the Rule ID check box and type a number for the rule.
If you do not specify the rule number, the system will assign one automatically.
Operation
Select the operation to be performed for packets matching the rule.
• Permit: Allows matched packets to pass.
• Deny: Drops matched packets.
Time Range
Select a time range for the rule.
If you select None, the rule is always in effect.
The time range to be referenced must already have been configured by selecting Resource > Time Range from the navigation tree.
Non-first Fragments Only
Select this check box to apply the rule only to non-first fragments. If you do not select this check box, the rule applies to all fragments and non-fragments.
Logging
Select this check box to keep a log of matched packets.
A log entry contains the ACL rule number, operation for the matched packets, protocol that IP carries, source/destination address, source/destination port number, and number of matched packets.
Source IP Address, Source Wildcard
Select the Source IP Address check box and type a source IP address and source wildcard, in dotted decimal notation.
VPN Instance
Specify the VPN instance.
If you select None, the rule is effective for only non-VPN packets.
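The following is an added example, not taken from the manual or from H3C code: a small Python model of how the Operation, Source IP Address/Source Wildcard and Non-first Fragments Only items in Table 4 combine when a packet is checked, plus a check for a subnet mask typed into the wildcard field by mistake. The Rule class, the function names and the sample rules are hypothetical, and it assumes rules are checked in ascending rule ID order; time range, logging and VPN instance are not modelled.

```python
import ipaddress
from dataclasses import dataclass
from typing import Optional

def _u32(dotted: str) -> int:
    return int(ipaddress.IPv4Address(dotted))

def wildcard_match(addr: str, rule_addr: str, wildcard: str) -> bool:
    """Wildcard bit 0 = bit must match, 1 = bit is ignored (inverse of a subnet mask)."""
    care = ~_u32(wildcard) & 0xFFFFFFFF
    return (_u32(addr) & care) == (_u32(rule_addr) & care)

def looks_like_subnet_mask(wildcard: str) -> bool:
    """Flag a likely entry error: a subnet mask typed into the Source Wildcard field."""
    w = _u32(wildcard)
    inverted = ~w & 0xFFFFFFFF
    # A subnet mask is contiguous 1s from the top bit, so its inverse is 2**k - 1.
    return w not in (0, 0xFFFFFFFF) and (inverted & (inverted + 1)) == 0

@dataclass
class Rule:                              # hypothetical model of one basic ACL rule
    rule_id: int
    action: str                          # "permit" or "deny"
    source: Optional[str] = None         # None: Source IP Address box not selected
    wildcard: str = "0.0.0.0"
    non_first_fragments_only: bool = False

    def matches(self, src: str, frag_offset: int) -> bool:
        # A non-first fragment is an IPv4 packet whose fragment offset is non-zero.
        if self.non_first_fragments_only and frag_offset == 0:
            return False
        return self.source is None or wildcard_match(src, self.source, self.wildcard)

def evaluate(rules, src: str, frag_offset: int = 0):
    """First match wins. Assumption: rules are checked in ascending rule ID order."""
    for rule in sorted(rules, key=lambda r: r.rule_id):
        if rule.matches(src, frag_offset):
            return rule.rule_id, rule.action
    return None                          # no rule matched; default handling not modelled

# Constructed sample rules (not from the manual).
RULES = [
    Rule(10, "permit", "10.1.0.0", "0.0.255.255"),
    Rule(5, "deny", "10.1.2.0", "0.0.0.255", non_first_fragments_only=True),
]

if __name__ == "__main__":
    print(evaluate(RULES, "10.1.2.7", frag_offset=185))   # later fragment
    print(evaluate(RULES, "10.1.2.7"))                    # first fragment or unfragmented
    print(wildcard_match("172.16.9.0", "10.1.2.0", "255.255.255.0"))  # mask typed by mistake
    print(looks_like_subnet_mask("255.255.255.0"))
```

With 255.255.255.0 entered as the wildcard, only the last octet is compared, so a rule meant for 10.1.2.0/24 matches any address ending in .0 and misses the hosts inside that subnet.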
Configuring an Advanced ACL Rule
Select Firewall > ACL from the navigation tree. Then, in the ACL list in the right pane, find the advanced ACL for which you want to configure rules and click the corresponding icon in the Operation column to list all existing rules of the ACL, as shown in Figure 5. Click Add to enter the advanced ACL rule configuration page.
Figure 5 List of advanced ACL rules