Command Reference Guide

3Com Router 5000 Family and Router 6000 Family Command Reference
firewall packet-filter

Purpose
Use the firewall packet-filter command to apply an access control list (ACL) to the corresponding interface.
Use the undo firewall packet-filter command to delete the corresponding setting.

Syntax
    firewall packet-filter acl-number { inbound | outbound } [ match-fragments { normally | exactly } ]
    undo firewall packet-filter acl-number { inbound | outbound }

Parameters
acl-number
    Sequence number of the access control list (ACL).
inbound
    Filters packets received on the interface.
outbound
    Filters packets forwarded from the interface.
match-fragments
    Specifies the matching mode for fragments. This parameter can only be applied to advanced ACLs.
normally
    Normal matching mode, the default mode.
exactly
    Exact matching mode.

Example
Apply ACL 1001 to the Serial1/0/0 interface to filter the packets forwarded by the interface.
    [3Com-Serial1/0/0] firewall packet-filter 1001 outbound

View
This command can be used in the following views:
    Interface view

Description
Interface-based ACLs (ACLs with sequence numbers from 1000 to 1999) can only use the outbound parameter.
Packet filtering on the VRP platform can filter fragmented packets: it matches and filters all fragments at layer 3 (the IP layer) by source IP address, destination IP address, and so on. It also provides standard matching and exact matching for advanced ACL rules that contain extended information such as TCP/UDP port number and ICMP type.
Standard matching (the default mode, keyword normally) matches layer 3 information and special information such as time range and vpn-instance, and ignores layer 4 information. Exact matching (keyword exactly) matches packets against all filtering rules of an advanced ACL, including layer 3 and layer 4 information, time range, and vpn-instance. If an advanced ACL includes layer 4 filtering rules but the interface uses the default standard matching mode, the layer 4 filtering rules do not take effect.
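
A small Python model of the two fragment matching modes described above, added here as an illustration; it is not code from the manual or from 3Com. The Rule and Fragment types, the first-match evaluation, and the idea that exact mode knows the port of the datagram a fragment belongs to are hypothetical simplifications.

```python
from dataclasses import dataclass
from typing import Optional

@dataclass(frozen=True)
class Rule:
    action: str               # "permit" or "deny"
    dst_ip: str               # layer 3 criterion; "any" matches every address
    dst_port: Optional[int]   # layer 4 criterion; None means not specified

@dataclass(frozen=True)
class Fragment:
    dst_ip: str
    dst_port: int             # port of the datagram the fragment belongs to

def rule_matches(rule, frag, mode):
    """Return True if the rule matches the fragment in the given mode."""
    if rule.dst_ip not in ("any", frag.dst_ip):
        return False
    if mode == "exactly" and rule.dst_port is not None:
        return rule.dst_port == frag.dst_port
    return True               # "normally": layer 4 criteria are neglected

def filter_fragment(acl, frag, mode="normally"):
    """Action of the first matching rule, or "no-match" if none matches."""
    if mode not in ("normally", "exactly"):
        raise ValueError("mode must be 'normally' or 'exactly'")
    for rule in acl:
        if rule_matches(rule, frag, mode):
            return rule.action
    return "no-match"

def mode_differences(acl, fragments):
    """Fragments whose verdict changes between the two matching modes."""
    return [f for f in fragments
            if filter_fragment(acl, f, "normally") != filter_fragment(acl, f, "exactly")]

# Constructed advanced ACL: permit only port 80 to one host, deny the rest.
ACL = [Rule("permit", "192.0.2.10", 80), Rule("deny", "any", None)]
# Constructed fragments (documentation addresses, not from the manual).
SAMPLE = [Fragment("192.0.2.10", 80), Fragment("192.0.2.10", 23),
          Fragment("192.0.2.20", 80)]

if __name__ == "__main__":
    for frag in SAMPLE:
        print(frag, filter_fragment(ACL, frag, "normally"),
              filter_fragment(ACL, frag, "exactly"))
```

In this model the fragment to port 23 is permitted under the default mode because only the destination address of the port-80 rule is compared, while exact matching falls through to the deny rule.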