3Com 10014299 Network Router User Manual


 
Configure Firewall

Configuring Standard Access Control List
The acl-number of a standard access control list is an integer from 1 to 99. First, enter the ACL view with the acl command and configure the match sequence of the access control list, then configure specific access rules with the rule command. If the match sequence is not configured, auto mode is used.

Perform the following configurations in system view and ACL view.
Table 622 Configure Standard Access Control List

Operation: Enter the ACL view and configure the match sequence of access control list
Command:   acl acl-number [ match-order config | auto ]

Operation: Configure standard access list rule
Command:   rule { normal | special } { permit | deny } [ source source-addr source-wildcard | any ]

Operation: Delete specific access list rule
Command:   undo rule { rule-id | normal | special }

Operation: Delete access list
Command:   undo acl { acl-number | all }

normal means that the rule is in effect during the normal time range, while special means that the rule is in effect during the special time range. Users must set the special time segment when using special. Multiple rules with the same serial number are matched according to the “depth-first” principle.

By default, normal is adopted.

Configuring Extended Access Control List

The acl-number of an extended access control list is an integer from 100 to 199. First, enter the ACL view with the acl command and configure the match sequence of the access control list, then configure specific access rules with the rule command. If the match sequence is not configured, auto mode is used.

Perform the following configurations in system view and ACL view.

Table 623 Configure Extended Access Control List

Operation: Enter the ACL view and configure the match sequence of access control list
Command:   acl acl-number [ match-order config | auto ]

Operation: Configure extended access control list rule of TCP/UDP protocol
Command:   rule { normal | special } { permit | deny } { tcp | udp } [ source source-addr source-wildcard | any ] [ source-port operator port1 [ port2 ] ] [ destination dest-addr dest-wildcard | any ] [ destination-port operator port1 [ port2 ] ] [ logging ]

Operation: Configure extended access control list rule of ICMP protocol
Command:   rule { normal | special } { permit | deny } ICMP [ source source-addr source-wildcard | any ] [ destination dest-addr dest-wildcard | any ] [ icmp-type icmp-type icmp-code ] [ logging ]
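
The effect of the match sequence on a standard ACL can be seen in a small model. This is an added example, not code from the manual or from 3Com: the names Rule, evaluate and RULES are hypothetical, and the sample addresses are constructed. It assumes that wildcard bits set to 1 are ignored during comparison, that any is equivalent to wildcard 255.255.255.255, and that auto applies "depth-first" as "narrowest source range first"; the manual names auto and depth-first but does not define them.

```python
import ipaddress


def ip(text):
    """Convert dotted-quad text to a 32-bit integer."""
    return int(ipaddress.IPv4Address(text))


class Rule:
    """Model of: rule { permit | deny } source source-addr source-wildcard."""

    def __init__(self, action, addr="0.0.0.0", wildcard="255.255.255.255"):
        # The defaults model "any" (assumption: every bit is don't-care).
        self.action = action
        self.addr = ip(addr)
        self.wildcard = ip(wildcard)

    def matches(self, src):
        # Only bits that are 0 in the wildcard take part in the comparison.
        care = ~self.wildcard & 0xFFFFFFFF
        return (ip(src) & care) == (self.addr & care)

    def depth(self):
        # Fewer don't-care bits means a narrower range, i.e. a "deeper" rule.
        return bin(self.wildcard).count("1")


def evaluate(rules, src, match_order="auto"):
    """Return the action of the first matching rule, or None if none match."""
    if match_order == "auto":
        # Assumed depth-first model; the stable sort keeps entry order on ties.
        ordered = sorted(rules, key=Rule.depth)
    elif match_order == "config":
        ordered = list(rules)  # exactly the order the rules were entered
    else:
        raise ValueError("match_order must be 'config' or 'auto'")
    for rule in ordered:
        if rule.matches(src):
            return rule.action
    return None  # behaviour for unmatched packets is not stated on this page


# Constructed sample: a broad deny entered before a narrower permit.
RULES = [
    Rule("deny", "10.1.0.0", "0.0.255.255"),
    Rule("permit", "10.1.5.0", "0.0.0.255"),
]
```

With match-order config the broad deny shadows the narrower permit for 10.1.5.20, while under the assumed auto ordering the narrower permit is evaluated first, so reviewing an ACL requires knowing which match sequence it was created with.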