3Com S7902E Command Reference Manual - page 1935
rule (in basic IPv4 ACL view)
Syntax
rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } | time-range time-range-name | vpn-instance vpn-instance-name ] *
undo rule rule-id [ fragment | logging | source | time-range | vpn-instance ] *
View
Basic IPv4 ACL view
Default Level
2: System level
Parameters
rule-id: Basic IPv4 ACL rule number in the range 0 to 65534.
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.
fragment: Specifies that the rule applies only to IP fragments. Note that a rule defined with the fragment keyword matches non-last IP fragments on SA Series LPUs (line processing units) (for example, LSQ1FP48SA) or EA Series LPUs (for example, LSQ1GP12EA), while it matches non-first IP fragments on SC Series LPUs (for example, LSQ1GP24SC). For detailed information about types of LPUs, refer to the installation manual.
logging: Specifies to log matched packets.
source { sour-addr sour-wildcard | any }: Specifies a source address. The sour-addr sour-wildcard argument specifies a source IP address in dotted decimal notation. Setting the wildcard to zero indicates a host address. The any keyword indicates any source IP address.
time-range time-range-name: Specifies the time range in which the rule takes effect. The time-range-name argument specifies a time range name of 1 to 32 characters. It is case insensitive and must start with an English letter. To avoid confusion, this name cannot be all.
vpn-instance vpn-instance-name: Specifies a VPN instance. The vpn-instance-name argument is a case-sensitive string of 1 to 31 characters. Without this combination, the rule applies only to non-VPN packets.
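The following offline checker is an added example, not part of the 3Com manual or the switch software. It parses a rule command against the syntax and parameter limits listed above and tests a source address against sour-addr sour-wildcard, where wildcard bits set to 1 are ignored in the comparison. The function names, the handling of a bare "0" wildcard, the case-insensitive rejection of the name all, and the treatment of an omitted source as any are assumptions of this example.

```python
import ipaddress
import re

def _ip(text):
    return int(ipaddress.IPv4Address(text))  # ValueError on malformed dotted decimal

def parse_rule(line):
    """Parse one basic-ACL 'rule' command into a dict; ValueError if it breaks the syntax."""
    tok = iter(line.split())
    if next(tok, None) != "rule":
        raise ValueError("not a rule command")
    rule = {"id": None, "fragment": False, "logging": False,
            "source": (0, 0xFFFFFFFF), "time-range": None, "vpn-instance": None}
    word = next(tok, None)
    if word is not None and word.isdigit():      # optional rule-id
        rule["id"] = int(word)
        if rule["id"] > 65534:
            raise ValueError("rule-id must be 0 to 65534")
        word = next(tok, None)
    if word not in ("deny", "permit"):
        raise ValueError("expected deny or permit")
    rule["action"] = word
    for word in tok:
        if word in ("fragment", "logging"):
            rule[word] = True
        elif word == "source":
            addr = next(tok, "")
            if addr == "any":
                rule["source"] = (0, 0xFFFFFFFF)
            else:
                wild = next(tok, "")   # bare "0" accepted as 0.0.0.0 (assumption)
                rule["source"] = (_ip(addr), 0 if wild == "0" else _ip(wild))
        elif word == "time-range":
            name = next(tok, "")
            if not re.fullmatch(r"[A-Za-z].{0,31}", name) or name.lower() == "all":
                raise ValueError("time-range name: 1-32 chars, starts with a letter, not 'all'")
            rule[word] = name
        elif word == "vpn-instance":
            name = next(tok, "")
            if not 1 <= len(name) <= 31:
                raise ValueError("vpn-instance name must be 1 to 31 characters")
            rule[word] = name
        else:
            raise ValueError("unknown keyword: " + word)
    return rule

def source_matches(rule, src):
    """True if src is covered by the rule's source (omitted source treated as any: assumption)."""
    addr, wild = rule["source"]
    # Only bits that are 0 in the wildcard must be equal; a wildcard of zero is a host match.
    return ((_ip(src) ^ addr) & ~wild & 0xFFFFFFFF) == 0
```
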
Description
Use the rule command to create a basic IPv4 ACL rule or modify the rule if it already exists.
Use the undo rule command to remove a basic IPv4 ACL rule or parameters from the rule.
With the undo rule command, if no parameters are specified, the entire ACL rule is removed; if other parameters are specified, only the involved information is removed.
Note that:
- You will fail to create or modify a rule if its permit/deny statement is exactly the same as another rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL rules.
- When defining ACL rules, you need not assign them IDs. The system can automatically assign rule IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is greater