H3C Technologies H3C Intelligent Management Center User Manual
Page 810
796
This option specifies where the pattern matching occurs in this template rule. In this case, the
pattern matching is applied to the source IP address.
•
All: Allows you to permit or deny traffic for all IP addresses.
•
IP Address/Mask: Allows you to enter a specific IP address and its subnet mask for which you want
to either permit or deny traffic for.
a.
Enter an IP address/subnet mask combination in the IP Address/Mask field.
The subnet mask must be entered in dotted decimal notation. A valid IP address/subnet mask
using dotted decimal notation would be
192.168.1.0/255.255.255.0
A forward slash "/" must be used to separate the IP address from the subnet mask.
•
Variable Address: Enter a name for this variable in the field to the right, allowing you to create a
named variable without requiring you to enter the IP addresses/subnet masks in the template. The
named variable then serves as a placeholder for Net Address Group you created using the
Assistant combination when you import the template as a rule set into an existing ACL.
12.
Select the destination IP address option you want to use by clicking the radio button to the left
of the desired option in the Destination Address field in Basic Info section.
This option specifies where the pattern matching occurs in this template rule. In this case, the
pattern matching is applied to the destination IP address.
•
All: Allows you to permit or deny traffic for all IP addresses.
•
IP Address/Mask: Allows you to enter a specific IP address and its subnet mask for which you want
to either permit or deny traffic.
a.
Enter an IP address/subnet mask combination in the IP Address/Mask field.
This option specifies where the pattern matching occurs in this template rule. In this case, the
pattern matching is applied to the destination IP address.
The subnet mask must be entered in dotted decimal notation. A valid IP address/subnet mask
using dotted decimal notation would be
192.168.1.0/255.255.255.0
A forward slash "/" must be used to separate the IP address from the subnet mask.
•
Variable Address: Enter a name for this variable in the field to the right, allowing you to create a
named variable without requiring you to enter the IP addresses/subnet masks in the template. The
named variable then serves as a placeholder for Net Address Group you created using the
Assistant combination when you import the template as a rule set into an existing ACL.
13.
If you selected tcp or udp as the protocol you want to apply this ACL rule to in Step 8, you must also
specify the source TCP or UDP port numbers, as follows:
a.
Select the source TCP or UDP port option by clicking the radio button to the left of the port
option you want to apply in the Source Port field of the Advanced Settings section.
•
Undefined: Allows you to permit or deny traffic for all TCP or UDP port numbers.
•
Specified Port: Allows you to identify a specific TCP or UDP port number or range of numbers.
b.
Click the radio button to the left of Specified Port and select the operator you want to use
from the list located to the right of the Specified Port option.
c.
Enter the TCP or UDP port number in the Port field.
•
Variable Port: Enter a name for this variable in the field to the right. This option allows you to create
a named variable without requiring you to enter the port(s) in the template. The named variable
then serves as a placeholder for Service you creating using the Assistant combination when you
import the template as a rule set into an existing ACL.