HP Firewall 120

Configuring source IP-based Telnet login control

	Step		Command			Remarks
1.		Enter system view.	system-view			N/A

2.		Create a basic ACL and enter	acl [ ipv6 ] number acl-number[ name			By default, no basic ACL
		its view, or enter the view of	acl [ ipv6 ] number acl-number[ name			By default, no basic ACL
		its view, or enter the view of	name ] [ match-order { config auto } ]			exists.
		an existing basic ACL.	name ] [ match-order { config auto } ]			exists.
		an existing basic ACL.

			•	For IPv4 networks:		By default, a basic ACL
				rule [ rule-id] { deny permit }		does not contain any rule.
				[ counting fragment logging		The logging keyword takes
				source { sour-addr sour-wildcard		effect only when the module
				any } time-range time-range-name		effect only when the module
				any } time-range time-range-name		(such as the firewall) using
				vpn-instancevpn-instance-name ] *		(such as the firewall) using
				vpn-instancevpn-instance-name ] *		the ACL supports the
						the ACL supports the
	3. Configure an ACL rule.		•	For IPv6 networks:		logging function.
	3. Configure an ACL rule.			rule [ rule-id] { deny permit }		NOTE:
				rule [ rule-id] { deny permit }		NOTE:
				[ counting fragment logging		Support for the ipv6-address
				routing [ type routing-type] source		Support for the ipv6-address
				routing [ type routing-type] source		argument depends on the
				{ ipv6-address prefix-length		argument depends on the
				{ ipv6-address prefix-length		device model. For more
				ipv6-address/prefix-length any }		device model. For more
				ipv6-address/prefix-length any }		information, see Getting
				time-rangetime-range-name		information, see Getting
				time-rangetime-range-name		Started Command
				vpn-instancevpn-instance-name ] *		Started Command
				vpn-instancevpn-instance-name ] *		Reference.
						Reference.
4.		Exit the basic ACL view.	quit			N/A

5.		Enter user interface view.	user-interface [ type ] first-number			N/A
5.		Enter user interface view.	[ last-number ]			N/A
			[ last-number ]

						•	inbound: Filters
							incoming packets.
						•	outbound: Filters
							outgoing packets.
6.		Use the ACL to control user	acl [ ipv6 ] acl-number{ inbound			NOTE:
		logins by source IP address.	outbound }			Support for the ipv6
						keyword depends on the
						device model. For more
						information, see Getting
						Started Command
						Reference.
Configuring source/destination IP-based Telnet login control

	Step		Command		Remarks
1.		Enter system view.	system-view		N/A

					By default, no advanced ACL
2.		Create an advanced ACL and			exists.
2.		Create an advanced ACL and	acl [ ipv6 ] number acl-number		NOTE:
		enter its view, or enter the	acl [ ipv6 ] number acl-number		NOTE:
		view of an existing advanced	[ name name ] [ match-order		Support for the ipv6 keyword
		view of an existing advanced	{ config auto } ]		Support for the ipv6 keyword
		ACL.	{ config auto } ]		depends on the device model. For
		ACL.			depends on the device model. For

more information, see Getting Started Command Reference.

114