1. Manuals
  2. Brands
  3. HP Manuals
  4. IP Access Controllers
  5. A-U200
  6. Command reference manual

Rule (Ipv4 Basic Acl View) - HP A-U200 Command Reference Manual

Unified threat management products
Hide thumbs
Table of Contents

Advertisement

Description
Use the rule command to create or edit an IPv4 advanced ACL rule. You can edit ACL rules only when
the match order is config.
Use the undo rule command to delete an entire IPv4 advanced ACL rule or some attributes in the rule. If
no optional keywords are provided, you delete the entire rule. If optional keywords or arguments are
provided, you delete the specified attributes.
By default, an IPv4 advanced ACL does not contain any rule.
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, your creation or editing
attempt fails.
To view rules in an ACL and their rule IDs, use the display acl all command.
Related commands: acl, display acl, step, and time-range.
Examples
# Create an IPv4 advanced ACL rule to permit TCP packets with the destination port 80 from
129.9.0.0/16 to 202.38.160.0/24, and enable logging matching packets.
<Sysname> system-view
[Sysname] acl number 3000
[Sysname-acl-adv-3000]
202.38.160.0 0.0.0.255 destination-port eq 80 logging
# Create IPv4 advanced ACL rules to permit all IP packets but the ICMP packets destined for
192.168.1.0/24.
<Sysname> system-view
[Sysname] acl number 3001
[Sysname-acl-adv-3001] rule permit ip
[Sysname-acl-adv-3001] rule deny icmp destination 192.168.1.0 0.0.0.255
# Create IPv4 advanced ACL rules to permit inbound and outbound FTP packets.
<Sysname> system-view
[Sysname] acl number 3002
[Sysname-acl-adv-3002] rule permit tcp source-port eq ftp
[Sysname-acl-adv-3002] rule permit tcp source-port eq ftp-data
[Sysname-acl-adv-3002] rule permit tcp destination-port eq ftp
[Sysname-acl-adv-3002] rule permit tcp destination-port eq ftp-data
# Create IPv4 advanced ACL rules to permit inbound and outbound SNMP and SNMP trap packets.
<Sysname> system-view
[Sysname] acl number 3003
[Sysname-acl-adv-3003] rule permit udp source-port eq snmp
[Sysname-acl-adv-3003] rule permit udp source-port eq snmptrap
[Sysname-acl-adv-3003] rule permit udp destination-port eq snmp
[Sysname-acl-adv-3003] rule permit udp destination-port eq snmptrap

rule (IPv4 basic ACL view)

Syntax
rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } |
time-range time-range-name | vpn-instance vpn-instance-name ] *
rule
permit
tcp
11
source
129.9.0.0
0.0.255.255
destination

Advertisement

Table of Contents
loading

Related Manuals for HP A-U200

Related Content for HP A-U200

Table of Contents