Filter
Top Products
556 CHAPTER 39: CONFIGURING FIREWALL
normal means that this rule functions during normal time range, while special
means that this rule will function during the special time range. Users shall set the
special time range when using
special. Multiple rules with the same serial
number will be matched according to “depth-first”principle.
By default, normal is adopted.
Setting the Default
Firewall Filtering Mode
The default firewall-filtering mode means that when there is no suitable access
rule to determine whether a user data packet can pass through, the default
firewall-filtering mode set by the user will determine whether to permit or inhibit
this data packet to pass.
Perform the following configurations in system view.
Table 624 Set Default Firewall Filtering Mode
The default firewall-filtering mode is message pass permitted by default.
Configuring Special
Timerange
Enabling and disabling filtering according to timerange
Filtering according to time range means in different time ranges the IP data
packets are filtered with different access rules. It is also called the special rules for
special time.
The time ranges are classified into two types according to actual applications:
■ Special time range: Time within the set time range (specified by key word
special)
■ Normal time range: Time beyond the specified time range (specified by key
word
normal)
Similarly, the access control rules are also classified into two types:
■ Normal packet-filtering access rules
■ Special time range packet-filtering access rules
These two types of time ranges define different access control lists and access
rules, which are not affected by each other. In actual applications, they can be
considered as two independent sets of rules, and the system will determine which
Configure extended access control list rule
of other protocols
rule { normal | special }{ permit |
deny } pro-number [source
source-addr source-wildcard | any ] [
destination dest-addr dest- wildcard
| any ] [logging]
Delete specific access list rule undo rule { rule-id | normal |
special }
Delete access list undo acl {acl-number| all }
Operation Command
Operation Command
Set the default firewall filtering mode as
message pass permitted
firewall default permit
Set the default firewall filtering mode as
message pass inhibited
firewall default deny