H3C Technologies H3C Intelligent Management Center User Manual

Page 808


192.168.1.0/255.255.255.0

A valid IP address/subnet mask using CIDR would be

192.168.1.0/24

A forward slash "/" must be used to separate the IP address from the subnet mask.

Variable Address: Allows you to create a named variable without requiring you to enter the IP addresses/subnet masks in the template. The named variable then serves as a placeholder for the Net Address Group you created using the Assistant combination when you import the template as a rule set into an existing ACL.

b. Enter a name for this variable in the field to the right.

11. Do one of the following:

    - Click the radio button to the left of Yes in the Fragment option if you want to apply the rule to each fragment.

    - Click the radio button to the left of No in the Fragment option if you want to apply the rule to first fragments.

    Traditional packet filtering matched only first fragments of IPv4 packets and allowed all subsequent non-first fragments to pass through. This resulted in security risks as hackers can fabricate non-first fragments to attack networks.

12. Click the radio button to the left of Yes in the Logging option if you want to enable logging for this rule.

    This feature enables the logging of packet filtering only when a module (for example, a firewall) using the ACL supports logging.

13. Enter the VPN instance you want to apply to this rule by entering the VPN-instance-name in the VPN Instance field.

    A valid entry must be 0-31 characters that cannot contain question marks or blank spaces. This field is case sensitive. If no VPN instance is specified in this field, the rule applies only to non-VPN packets.

14. Click OK to create the rule you have just configured.

15. Do one of the following:

    - To add more rules to the ACL template, repeat Steps 7-17.

    - To delete one or more rules from the ACL template, click the checkbox to the left of the sequence number of the rule(s) you want to delete and click the Delete button located above the rule table. Click OK to confirm the deletion of the selected rule(s).

    - To modify the rules you have already created, click the Modify icon associated with the rule sequence you want to modify. For more information about modifying a rule set, see "Adding or modifying a basic rule in a basic ACL rule set".

    - To copy rules you have already created, click the Copy icon associated with the rule sequence you want to copy. For more information about copying a rule set, see "Copying a rule in a template."

    Rules that belong to a rule set that is configured with a Match Order of 'Config' are executed in the order in which they appear in the rule set.

    The order in which rules appear in a rule set is initially defined by the order in which they are created. You can reorder the rules in a rule set using the Sort feature. For more information about using Sort to redefine the order of appearance of rules in a rule set, see "Using sort to reorder the rules in an ACL rules set."

16. Click OK to create the ACL template.
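
As an added illustration (not code from this manual or from IMC), the following Python sketch models the Fragment option from step 11 together with the 'Config' match order described under step 15, so the effect of each setting on a non-first fragment can be checked. The names Rule, Packet, evaluate and fragment_gaps, the sample addresses, and the default of permitting packets that match no rule are assumptions made for the example.

```python
from dataclasses import dataclass
from ipaddress import ip_address, ip_network

@dataclass(frozen=True)
class Rule:
    action: str      # "permit" or "deny"
    source: str      # IP address/subnet mask, dotted or CIDR form
    fragment: bool   # Fragment option: True = Yes, False = No

@dataclass(frozen=True)
class Packet:
    src: str
    frag_offset: int  # 0 = unfragmented packet or first fragment

def evaluate(rules, pkt, default="permit"):
    """Config match order: the first matching rule in list order decides.

    Assumption: a packet that matches no rule gets `default`, which models
    the traditional behaviour where non-first fragments passed through.
    """
    for seq, rule in enumerate(rules):
        if ip_address(pkt.src) not in ip_network(rule.source):
            continue
        if pkt.frag_offset > 0 and not rule.fragment:
            continue  # Fragment = No: rule is not applied to non-first fragments
        return rule.action, seq
    return default, None

def fragment_gaps(rules):
    """Positions of deny rules that leave non-first fragments unmatched."""
    return [seq for seq, r in enumerate(rules)
            if r.action == "deny" and not r.fragment]

# Constructed sample traffic: one first fragment and one non-first fragment.
FIRST = Packet("192.168.1.10", 0)
LATER = Packet("192.168.1.10", 185)

# Constructed rule sets; both mask notations shown on the page are accepted.
FRAG_NO = [Rule("deny", "192.168.1.0/24", fragment=False)]
FRAG_YES = [Rule("deny", "192.168.1.0/255.255.255.0", fragment=True)]
ORDERED = [Rule("permit", "192.168.1.10/32", True),
           Rule("deny", "192.168.1.0/24", True)]

if __name__ == "__main__":
    for name, rules in (("Fragment=No", FRAG_NO), ("Fragment=Yes", FRAG_YES)):
        print(name, evaluate(rules, FIRST), evaluate(rules, LATER),
              fragment_gaps(rules))
    # Reordering the same two rules (as Sort would) changes the verdict.
    print("Config order:", evaluate(ORDERED, LATER), evaluate(ORDERED[::-1], LATER))
```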
