Configuring an advance acl rule – H3C Technologies H3C SecBlade LB Cards User Manual

23

Figure 14 Basic ACL rule configuration page

4.

Configure a rule as described in

Table 6

.

5.

Click Apply.

Table 6 Configuration items

Item Description

Rule ID

Select the Rule ID box, and enter a number for the rule.
If you do not specify a rule ID, the system automatically assigns one to the rule.
If the rule already exists, the configuration overwrites the old rule.

Operation

Select the operation to be performed for matching packets:

•

Permit—Allows matching packets to pass.

•

Deny—Denies matching packets.

Time Range

Select a time range for the rule.
If you select None, the rule is always effective.
Available time ranges are configured by selecting Security > Time Range from the
navigation tree.

Non-first Fragments
Only

Select this box to apply the rule to only non-first fragments.
To apply the rule to all fragments and non-fragments, do not select this box.

Logging

Select this box to log matching packets.
A log entry contains the ACL rule number, action on the matching packets, protocol that

IP carries, source/destination address, source/destination port number, and number of

matching packets.

Source IP Address

Select the Source IP Address box, and enter the source IP address and source wildcard,
in dotted decimal notation.

Source Wildcard

VPN Instance

Select a VPN.
To apply the rule to only non-VPN packets, select None.

Configuring an advance ACL rule

1.

Select Security > ACL from the navigation tree.

2.

Click the

icon for an advanced ACL to list all its rules.