3com S7906E Reference Guide
rule (in basic IPv4 ACL view)
Syntax
rule [ rule-id ] { deny | permit } [ fragment | logging | source { sour-addr sour-wildcard | any } |
time-range time-range-name | vpn-instance vpn-instance-name ] *
undo rule rule-id [ fragment | logging | source | time-range | vpn-instance ] *
View
Basic IPv4 ACL view
Default Level
2: System level
Parameters
rule-id: Basic IPv4 ACL rule number in the range 0 to 65534.
deny: Defines a deny statement to drop matched packets.
permit: Defines a permit statement to allow matched packets to pass.
fragment: Specifies that the rule applies only to IP fragments. Note that a rule defined with the
fragment keyword matches non-last IP fragments on SA Series LPUs (line processing units) (for
example, LSQ1FP48SA) or EA Series LPUs (for example, LSQ1GP12EA), but matches non-first IP
fragments on SC Series LPUs (for example, LSQ1GP24SC). For detailed information about types of
LPUs, refer to the installation manual.
logging: Specifies to log matched packets.
source { sour-addr sour-wildcard | any }: Specifies a source address. The sour-addr sour-wildcard
argument specifies a source IP address and wildcard in dotted decimal notation. Setting the wildcard
to zero indicates a host address. The any keyword indicates any source IP address.
time-range time-range-name: Specifies the time range in which the rule takes effect. The
time-range-name argument specifies a time range name with 1 to 32 characters. It is case insensitive
and must start with an English letter. To avoid confusion, this name cannot be all.
vpn-instance vpn-instance-name: Specifies a VPN instance. The vpn-instance-name argument is a
case-sensitive string of 1 to 31 characters. Without this combination, the rule applies only to non-VPN
packets.
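The following Python sketch is an added example, not part of the original guide or of any 3Com tooling. It parses rule lines in the syntax above and shows which rule a source address hits, including what happens when a netmask is typed where the wildcard belongs. It assumes explicit rule IDs, config match order (ascending rule ID), and that wildcard bits set to 1 are ignored; the ACL lines are constructed samples.

```python
import ipaddress

def _to_int(text):
    # A wildcard of "0" is the page's shorthand for a host match (0.0.0.0).
    return 0 if text == "0" else int(ipaddress.IPv4Address(text))

def parse_rule(line):
    """Parse: rule rule-id {deny|permit} [source {addr wildcard | any}] ..."""
    tok = line.split()
    if len(tok) < 3 or tok[0] != "rule" or not tok[1].isdigit():
        raise ValueError("expected 'rule <rule-id> ...': %r" % line)
    rule_id, action = int(tok[1]), tok[2]
    if not 0 <= rule_id <= 65534:
        raise ValueError("rule-id outside 0-65534: %d" % rule_id)
    if action not in ("deny", "permit"):
        raise ValueError("expected deny or permit: %r" % line)
    addr, wild = 0, 0xFFFFFFFF          # no source keyword: any source
    if "source" in tok:
        args = tok[tok.index("source") + 1:]
        if args[:1] != ["any"]:
            if len(args) < 2:
                raise ValueError("source needs an address and a wildcard")
            addr, wild = _to_int(args[0]), _to_int(args[1])
    return {"id": rule_id, "action": action, "addr": addr, "wild": wild}

def matches(rule, src):
    # Wildcard bits set to 1 are ignored; bits set to 0 must be equal.
    care = ~rule["wild"] & 0xFFFFFFFF
    return (_to_int(src) & care) == (rule["addr"] & care)

def evaluate(lines, src):
    """Return (rule-id, action) of the first matching rule, or None."""
    # Assumption: config match order, i.e. rules tried in ascending rule-id.
    for rule in sorted(map(parse_rule, lines), key=lambda r: r["id"]):
        if matches(rule, src):
            return rule["id"], rule["action"]
    return None

# Constructed sample ACL; rule 10 has a netmask typed where a wildcard belongs.
ACL = [
    "rule 0 permit source 10.1.1.5 0",
    "rule 5 deny source 10.1.1.0 0.0.0.255",
    "rule 10 permit source 192.168.0.0 255.255.0.0",
    "rule 15 deny source any logging",
]

if __name__ == "__main__":
    for ip in ("10.1.1.5", "10.1.1.77", "192.168.1.1", "172.16.0.0"):
        print(ip, evaluate(ACL, ip))
```

With the mistyped wildcard in rule 10, 172.16.0.0 is permitted while 192.168.1.1 falls through to rule 15, which is the kind of unintended match worth checking for when reviewing ACLs.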
Description
Use the rule command to create a basic IPv4 ACL rule or modify the rule if it already exists.
Use the undo rule command to remove a basic IPv4 ACL rule or parameters from the rule.
With the undo rule command, if no parameters are specified, the entire ACL rule is removed; if other
parameters are specified, only the involved information is removed.
Note that:
• You will fail to create or modify a rule if its permit/deny statement is exactly the same as another
  rule. In addition, if the ACL match order is set to auto rather than config, you cannot modify ACL
  rules.
• When defining ACL rules, you need not assign them IDs. The system can automatically assign rule
  IDs starting with 0 and increasing in certain rule numbering steps. A rule ID thus assigned is greater