Filter
Top Products
1996 CHAPTER 130: PACKET FILTER FIREWALL CONFIGURATION COMMANDS
Use the undo firewall ipv6 fragments-inspect command to disable IPv6
fragments inspection.
By default, IPv6 fragments inspection is disabled.
Example # Enable IPv6 fragments inspection.
<Sysname> system-view
[Sysname] firewall ipv6 fragments-inspect
firewall packet-filter
Syntax firewall packet-filter { acl-number | name acl-name } { inbound | outbound }
[ match-fragments { normally | exactly }]
undo firewall packet-filter acl-number { inbound | outbound }
View Interface view
Parameter acl-number: Basic ACL number, in the range 2000 to 2999; advanced ACL
number, in the range 3000 to 3999.
name acl-name: Specifies the name of a basic or advanced IPv4 ACL, a
case-insensitive string of 1 to 32 characters that must start with an English letter a
to z or A to Z. To avoid confusion, the word “all” cannot be used as the ACL
name.
inbound: Filters packets in the inbound direction.
outbound: Filters packets in the outbound direction.
match-fragments: Specifies the fragment match mode (for advanced ACLs only).
normally: Specifies the normal match mode, which is the default mode.
exactly: Specifies the exact match mode.
Description Use the
firewall packet-filter command to configure IPv4 packet filtering on
the interface.
Use the
undo firewall packet-filter command to cancel the configuration.
Packets are not filtered on an interface by default.
Related command: firewall fragments-inspect.
Example # Apply ACL 2001 on Serial 2/0 to filter packets forwarded by the interface.
<Sysname> system-view
[Sysname] interface serial 2/0
[Sysname-Serial2/0] firewall packet-filter 2001 outbound