1. Manuals
  2. Brands
  3. HP Manuals
  4. IP Access Controllers
  5. A-U200
  6. Command reference manual

HP A-U200 Command Reference Manual page 18

Unified threat management products
Hide thumbs
Table of Contents

Advertisement

undo rule rule-id [ fragment | logging | source | time-range | vpn-instance ] *
View
IPv4 basic ACL view
Default level
2: System level
Parameters
rule-id: Specifies a rule ID, in the range of 0 to 65534. If no rule ID is provided when you create an ACL
rule, the system automatically assigns it a rule ID. This rule ID takes the nearest higher multiple of the
numbering step to the current highest rule ID, starting from 0. For example, if the rule numbering step is
5 and the current highest rule ID is 28, the rule is numbered 30.
deny: Denies matching packets.
permit: Allows matching packets to pass.
fragment: Applies the rule only to non-first fragments. A rule without this keyword applies to both
fragments and non-fragments.
logging: Logs matching packets. This function is available only when the application module that uses the
ACL supports the logging function.
source { sour-addr sour-wildcard | any }: Matches a source address. The sour-addr sour-wildcard
arguments represent a source IP address and wildcard mask in dotted decimal notation. A wildcard
mask of zeros specifies a host address. The any keyword represents any source IP address.
time-range time-range-name: Specifies a time range for the rule. The time-range-name argument is a
case-insensitive string of 1 to 32 characters. It must start with an English letter. If the time range is not
configured, the system creates the rule; however, the rule using the time range can take effect only after
you configure the timer range.
vpn-instance vpn-instance-name: Applies the rule to packets in a VPN instance. The vpn-instance-name
argument takes a case-sensitive string of 1 to 31 characters. If no VPN instance is specified, the rule
applies only to non-VPN packets.
Description
Use the rule command to create or edit an IPv4 basic ACL rule. You can edit ACL rules only when the
match order is config.
Use the undo rule command to delete an entire IPv4 basic ACL rule or some attributes in the rule. If no
optional keywords are provided, you delete the entire rule. If optional keywords or arguments are
provided, you delete the specified attributes.
By default, an IPv4 basic ACL does not contain any rule.
Within an ACL, the permit or deny statement of each rule must be unique. If the ACL rule you are creating
or editing has the same deny or permit statement as another rule in the ACL, your creation or editing
attempt fails.
To view rules in an ACL and their rule IDs, use the display acl all command.
Related commands: acl, display acl, step, and time-range.
Examples
# Create a rule in IPv4 basic ACL 2000 to deny the packets from any source IP segment but 10.0.0.0/8,
172.17.0.0/16, or 192.168.1.0/24.
<Sysname> system-view
12

Advertisement

Table of Contents
loading

Related Manuals for HP A-U200

Related Products for HP A-U200

Table of Contents