Command Reference Guide

rule
3Com Router 5000 Family and Router 6000 Family Command Reference
to), neq (not equal to) and range (between). If the
operator is range, two port numbers should follow it.
The other operators need only one port number.
port1, port2
Optional, port number of TCP or UDP, expressed by
name or number. The number range is from 0 to
65535.
dscp dscp
Specifies a DSCP field, the DS byte in IP packets.
established
Matches the TCP packets with the ACK and/or RST
flag, including the TCP packets of these types:
SYN+ACK, ACK, FIN+ACK, RST, RST+ACK.
precedence
Optional, a number ranging from 0 to 7, or a name.
Packets can be filtered according to the precedence field.
tos tos
Optional, a number ranging from 0 to 15 or a name.
Packets can be filtered according to the type of service.
logging
Optional, indicating whether to log qualified packets.
The log contents include the sequence number of the ACL
rule, whether the packets were passed or discarded, the
upper layer protocol type over IP, the source/destination
address, the source/destination port number, and the
number of packets. The parameter applies only to the
firewall module. That means when other modules invoke
the ACL, no log is output for the unmatched packet.
time-range time-name
Specifies that the ACL is valid in this time range.
fragment
Specifies that this rule is only valid for the fragment
packets that are not the first fragment. A matching rule
specified without this keyword cannot match fragments.
interface interface-type interface-number
Specifies the interface information of the packets,
which cannot be that of an L2 Ethernet port.
If no interface is specified, all interfaces can be
matched. any represents all interfaces.
vpn-instance
Optional, specifies a vpn-instance. If it is not specified,
the ACL rule does not apply to packets in any vpn-instance.
If it is specified, the ACL rule is valid only for the
specified vpn-instance.
vpn-instance-name
Specifies the name of an existing vpn-instance.
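
The port-operator and established entries above, modelled as an added example (not code from the 3Com manual). Only the neq and range operators named in the surviving text are implemented, range is assumed to include both bounds, and the Rule class, function names and sample segments are hypothetical.

```python
from dataclasses import dataclass
from typing import Optional, Tuple

FIN, SYN, RST, ACK = 0x01, 0x02, 0x04, 0x10  # TCP header flag bits

@dataclass(frozen=True)
class Rule:
    """Hypothetical model of one rule; the field names are assumptions."""
    port_op: Optional[str] = None   # "neq" or "range" (operators named above)
    ports: Tuple[int, ...] = ()     # one port for neq, two for range
    established: bool = False

    def __post_init__(self):
        expected = {None: 0, "neq": 1, "range": 2}
        if self.port_op not in expected:
            raise ValueError(f"operator not modelled: {self.port_op}")
        if len(self.ports) != expected[self.port_op]:
            raise ValueError(f"{self.port_op} takes {expected[self.port_op]} port number(s)")
        if any(not 0 <= p <= 65535 for p in self.ports):
            raise ValueError("port numbers range from 0 to 65535")

def port_matches(rule: Rule, port: int) -> bool:
    if rule.port_op == "neq":
        return port != rule.ports[0]
    if rule.port_op == "range":     # assumption: both bounds are inclusive
        low, high = sorted(rule.ports)
        return low <= port <= high
    return True                     # no port condition in the rule

def established_matches(flags: int) -> bool:
    """True when ACK and/or RST is set, as the established entry states."""
    return bool(flags & (ACK | RST))

def rule_matches(rule: Rule, dst_port: int, flags: int) -> bool:
    if rule.established and not established_matches(flags):
        return False
    return port_matches(rule, dst_port)

# Constructed sample segments: (label, destination port, TCP flags)
SAMPLES = [
    ("SYN", 1500, SYN), ("SYN+ACK", 1500, SYN | ACK), ("ACK", 1500, ACK),
    ("FIN+ACK", 1500, FIN | ACK), ("RST", 1500, RST), ("RST+ACK", 1500, RST | ACK),
    ("ACK to port 80", 80, ACK),
]

def matched_labels(rule: Rule) -> list:
    return [label for label, port, flags in SAMPLES if rule_matches(rule, port, flags)]

if __name__ == "__main__":
    print(matched_labels(Rule("range", (1024, 65535), established=True)))
```

The established test looks only at the flag bits of each segment, so a bare SYN is the one sample it excludes.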
In the undo rule command
rule-id
ID of an ACL rule. It should be an existing ACL rule
number. If the command is not followed by other
parameters, this ACL rule will be deleted completely;
otherwise, only the part of the information related to
this ACL rule that the parameters name will be deleted.
comment text
Specifies a comment for each rule.
source
Optional. Only the information settings related to the
source address part of the ACL rule number will be
deleted.