HP Firewall manual 120

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

2.

Create a basic ACL and enter

acl [ ipv6 ] number acl-number[ name

By default, no basic ACL

its view, or enter the view of

name ] [ match-order { config auto } ]

exists.

an existing basic ACL.

•

For IPv4 networks:

By default, a basic ACL

rule [ rule-id] { deny permit }

does not contain any rule.

[ counting fragment logging

The logging keyword takes

source { sour-addr sour-wildcard

effect only when the module

any } time-range time-range-name

(such as the firewall) using

vpn-instancevpn-instance-name ] *

the ACL supports the

3. Configure an ACL rule.

•

For IPv6 networks:

logging function.

rule [ rule-id] { deny permit }

NOTE:

[ counting fragment logging

Support for the ipv6-address

routing [ type routing-type] source

argument depends on the

{ ipv6-address prefix-length

device model. For more

ipv6-address/prefix-length any }

information, see Getting

time-rangetime-range-name

Started Command

vpn-instancevpn-instance-name ] *

Reference.

4.

Exit the basic ACL view.

quit

N/A

5.

Enter user interface view.

user-interface [ type ] first-number

N/A

[ last-number ]

•

inbound: Filters

incoming packets.

•

outbound: Filters

outgoing packets.

6.

Use the ACL to control user

acl [ ipv6 ] acl-number{ inbound

NOTE:

logins by source IP address.

outbound }

Support for the ipv6

keyword depends on the

device model. For more

information, see Getting

Started Command

Reference.

Configuring source/destination IP-based Telnet login control

Step

Command

Remarks

1.

Enter system view.

system-view

N/A

By default, no advanced ACL

2.

Create an advanced ACL and

exists.

acl [ ipv6 ] number acl-number

NOTE:

enter its view, or enter the

view of an existing advanced

[ name name ] [ match-order

Support for the ipv6 keyword

{ config auto } ]

ACL.

depends on the device model. For