556 CHAPTER 39: CONFIGURING FIREWALL

Operation: Configure extended access control list rule of other protocols
Command: rule { normal | special } { permit | deny } pro-number [ source source-addr source-wildcard | any ] [ destination dest-addr dest-wildcard | any ] [ logging ]

Operation: Delete specific access list rule
Command: undo rule { rule-id | normal | special }

Operation: Delete access list
Command: undo acl { acl-number | all }

normal means that the rule takes effect during the normal time range, while special means that the rule takes effect during the special time range. Users must set the special time range when using special. Multiple rules with the same serial number are matched according to the “depth-first” principle.

By default, normal is adopted.

Setting the Default Firewall Filtering Mode

The default firewall-filtering mode means that when there is no suitable access rule to determine whether a user data packet can pass through, the default firewall-filtering mode set by the user will determine whether to permit or inhibit this data packet to pass.

Perform the following configurations in system view.


Table 624 Set Default Firewall Filtering Mode

Operation: Set the default firewall filtering mode as message pass permitted
Command: firewall default permit

Operation: Set the default firewall filtering mode as message pass inhibited
Command: firewall default deny

By default, the firewall-filtering mode is message pass permitted.
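How the normal/special keyword of a rule and the default firewall-filtering mode combine into one decision can be modelled offline. The Python below is an added example, not code from the manual or the device. It assumes rules are tried in list order with the first match winning (the device's "depth-first" ordering is not modelled) and that a wildcard bit of 1 means "ignore this bit". The addresses, protocol numbers and the 08:00-18:00 special time range are constructed.

```python
import ipaddress
from datetime import time
from typing import NamedTuple

class Rule(NamedTuple):
    timerange: str      # "normal" or "special", as in the rule command
    action: str         # "permit" or "deny"
    protocol: int       # pro-number (IP protocol number)
    src: str = "any"    # "any" or "addr wildcard"
    dst: str = "any"

def _addr_match(spec, addr):
    """Match 'any' or 'addr wildcard'; wildcard bits set to 1 are ignored (assumed)."""
    if spec == "any":
        return True
    base, wildcard = (int(ipaddress.IPv4Address(p)) for p in spec.split())
    care = ~wildcard & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def in_special(now, ranges):
    """True when `now` falls inside any configured special time range."""
    return any(start <= now <= end for start, end in ranges)

def filter_packet(rules, default, special_ranges, now, protocol, src, dst):
    """Return 'permit' or 'deny' for one packet.

    Only the rule set for the active time range is consulted; a packet that
    matches no rule gets the default firewall-filtering mode.
    """
    active = "special" if in_special(now, special_ranges) else "normal"
    for r in rules:  # assumed: list order, first match wins
        if (r.timerange == active and r.protocol == protocol
                and _addr_match(r.src, src) and _addr_match(r.dst, dst)):
            return r.action
    return default

# Constructed policy: OSPF (89) from the LAN at all times, GRE (47) only in special hours.
RULES = [
    Rule("normal", "permit", 89, "10.1.0.0 0.0.255.255"),
    Rule("special", "permit", 89, "10.1.0.0 0.0.255.255"),
    Rule("special", "permit", 47, "10.1.0.0 0.0.255.255", "192.0.2.10 0.0.0.0"),
]
SPECIAL = [(time(8, 0), time(18, 0))]  # constructed special time range

if __name__ == "__main__":
    for mode in ("permit", "deny"):
        # GRE at 22:00 matches no normal rule, so the default mode decides.
        print(mode, filter_packet(RULES, mode, SPECIAL, time(22, 0), 47,
                                  "10.1.2.3", "192.0.2.10"))
```

With the default left at permit, the unmatched GRE packet at 22:00 passes; with firewall default deny it is dropped, so only traffic named in a rule for the active time range gets through.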

Enabling and disabling filtering according to timerange

Filtering according to time range means that IP data packets are filtered with different access rules in different time ranges. It is also called special rules for special time.

The time ranges are classified into two types according to actual applications:

Special time range: Time within the set time range (specified by key word special)

Normal time range: Time beyond the specified time range (specified by key word normal)

Similarly, the access control rules are also classified into two types:

Normal packet-filtering access rules

Special time range packet-filtering access rules

These two types of time ranges define different access control lists and access rules, which are not affected by each other. In actual applications, they can be considered as two independent sets of rules, and the system will determine which

3Com 10014299 manual Enabling and disabling filtering according to timerange, Configuring Special Timerange