Field Description
Source (required): Source of the traffic, which can be one of the following:
• any: Acts as a wildcard and applies to any source address.
• user: This refers to traffic from the wireless client.
• host: This refers to traffic from a specific host. When this option is chosen, you must configure the IPv6 address of the host. For example, 2002:d81f:f9f0:1000:c7e:5d61:585c:3ab.
• network: This refers to traffic that has a source IP from a subnet of IP addresses. When this option is chosen, you must configure the IPv6 address and network mask of the subnet. For example, 2002:ac10:fe:: ffff:ffff:ffff::.
• alias: This refers to using an alias for a host or network.
NOTE: This release does not support IPv6 aliases. You cannot configure an alias for an IPv6 host or network.
Destination (required): Destination of the traffic, which can be configured in the same manner as Source.
Service (required): Type of traffic, which can be one of the following:
NOTE: Voice over IP services are not available for IPv6 policies.
• any: This option specifies that this rule applies to any type of traffic.
• tcp: Using this option, you configure a range of TCP port(s) to match for the rule to be applied.
• udp: Using this option, you configure a range of UDP port(s) to match for the rule to be applied.
• service: Using this option, you use one of the pre-defined services (common protocols such as HTTPS, HTTP, and others) as the protocol to match for the rule to be applied. You can also specify a network service that you configure by navigating to the Configuration > Advanced Services > Stateful Firewall > Network Services page.
• protocol: Using this option, you specify a different layer 4 protocol (other than TCP/UDP) by configuring the IP protocol value.
Action (required): The action that you want the controller to perform on a packet that matches the specified criteria. This can be one of the following:
NOTE: The only actions for IPv6 policy rules are permit or deny; in this release, the controller cannot perform network address translation (NAT) or redirection on IPv6 packets. You can specify options such as logging, mirroring, or blacklisting (described below).
• permit: Permits traffic matching this rule.
• drop: Drops packets matching this rule without any notification.
Log (optional): Logs a match to this rule. This is recommended when a rule indicates a security breach, such as a data packet on a policy that is meant only to be used for voice calls.
Mirror (optional): Mirrors session packets to datapath or remote destination specified in the IPv6 firewall function (see “Session Mirror Destination” in Table 39). If the destination is an IP address, it must be an IPv4 IP address.
Queue (optional): The queue in which a packet matching this rule should be placed. Select High for higher priority data, such as voice, and Low for lower priority traffic.
Time Range (optional): Time range for which this rule is applicable. You configure time ranges in the Configuration > Security > Access Control > Time Ranges page.
BlackList (optional): Automatically blacklists a client that is the source or destination of traffic matching this rule. This option is recommended for rules that indicate a security breach where the blacklisting option can be used to prevent access to clients that are attempting to breach the security.
TOS (optional): Value of type of service (TOS) bits to be marked in the IP header of a packet matching this rule when it leaves the controller.
802.1p Priority (optional): Value of 802.1p priority bits to be marked in the frame of a packet matching this rule when it leaves the controller.
Table 40: IPv6 Firewall Policy Rule Parameters
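
The restrictions stated in this table (no IPv6 aliases, permit or drop only, an IPv4-only mirror IP, networks given as address plus mask) can be checked before a rule set is applied. The Python linter below is an added example, not ArubaOS code and not part of the guide; the rule dictionary layout and the names `network_from_mask`, `check_endpoint`, `lint_rule` and `mirror_to` are hypothetical, and the requirements that the mask be contiguous and that the address have no bits outside it are assumptions of this example.

```python
import ipaddress

def network_from_mask(addr, mask):
    """Turn an IPv6 address plus address-style mask into a CIDR network."""
    a = int(ipaddress.IPv6Address(addr))
    inv = int(ipaddress.IPv6Address(mask)) ^ ((1 << 128) - 1)
    # Assumption of this example: mask is contiguous and covers every set address bit.
    if inv & (inv + 1):                       # inverted mask must look like 0..01..1
        raise ValueError("mask is not contiguous")
    if a & inv:
        raise ValueError("address has bits set outside the mask")
    return ipaddress.IPv6Network((a, 128 - inv.bit_length()))

def check_endpoint(ep):
    """Validate a Source or Destination value; return a list of problems."""
    kind = ep.get("kind")
    try:
        if kind == "host":
            ipaddress.IPv6Address(ep["address"])
        elif kind == "network":
            network_from_mask(ep["address"], ep["mask"])
        elif kind == "alias":
            return ["alias: IPv6 aliases are not supported in this release"]
        elif kind not in ("any", "user"):
            return [f"unknown kind {kind!r}"]
    except (KeyError, ValueError) as exc:
        return [f"{kind}: {exc}"]
    return []

def lint_rule(rule):
    """Check one rule (hypothetical dict layout) against the table's constraints."""
    problems = []
    for side in ("source", "destination"):
        problems += [f"{side} {p}" for p in check_endpoint(rule.get(side, {}))]
    if rule.get("action") not in ("permit", "drop"):
        problems.append("action must be permit or drop (no NAT or redirect for IPv6)")
    if rule.get("service", {}).get("kind") not in ("any", "tcp", "udp", "service", "protocol"):
        problems.append("service kind not recognised")
    mirror = rule.get("mirror_to")
    try:
        if mirror is not None and ipaddress.ip_address(mirror).version != 4:
            problems.append("mirror destination IP must be IPv4")
    except ValueError:
        pass                                  # not an IP address, e.g. datapath
    return problems

# Constructed sample rule using the table's example subnet, not from a real config.
SAMPLE = {"source": {"kind": "network", "address": "2002:ac10:fe::", "mask": "ffff:ffff:ffff::"},
          "destination": {"kind": "any"}, "service": {"kind": "tcp"}, "action": "permit"}
```

`lint_rule(SAMPLE)` returns an empty list; each returned string names one constraint from the table that the rule violates.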

Dell PowerConnect W-Series ArubaOS 6.2 | User Guide IPv6 Support | 144