H3C Technologies H3C Intelligent Management Center User Manual


      - Variable Port: Allows you to create a named variable without requiring you to enter the ports in the template. The named variable then serves as a placeholder for the Service you are creating using the Assistant combination when you import the template as a rule set into an existing ACL.

   b. Enter a name for this variable in the field to the right.

11. If you selected TCP or UDP as the protocol you want to apply this ACL rule to in Step 5, you must also specify the destination TCP or UDP port numbers:

   a. Select the destination TCP or UDP port option by clicking the radio button to the left of the port option you want to apply in the Destination Port field of the Advanced Settings section:

      - Undefined: Allows you to permit or deny traffic for all TCP or UDP port numbers.

      - Specified Port: Allows you to identify a specific TCP or UDP port number or range of numbers. Click the radio button to the left of Specified Port and select the operator you want to use from the list located to the right of the Specified Port option. Enter the TCP or UDP port number in the Port field.

      - Variable Port: Allows you to create a named variable without requiring you to enter the ports in the template. The named variable then serves as a placeholder for the Service you are creating using the Assistant combination when you import the template as a rule set into an existing ACL.

   b. Enter a name for this variable in the field to the right.

12. If you selected TCP or UDP as the protocol you want to apply this ACL rule to in Step 5, you may be prompted to select these options:

      - Click the radio button to the left of Yes in the HP ACK option if you want the rule to match the TCP ACK; otherwise, click the radio button to the left of No.

      - Click the radio button to the left of Yes in the HP FIN option if you want the rule to match the TCP FIN; otherwise, click the radio button to the left of No.

      - Click the radio button to the left of Yes in the HP RST option if you want the rule to match the TCP RST; otherwise, click the radio button to the left of No.

      - Click the radio button to the left of Yes in the HP SYN option if you want the rule to match the TCP SYN; otherwise, click the radio button to the left of No.

   The HP ACK, HP FIN, HP RST, and HP SYN settings are valid only for the HP E series devices.

13. Select the IP priority you want to apply to the ACL template from the IP Priority list.

14. Select the Type of Service for this ACL template from the ToS Value list.

15. Select the DSCP value you want to apply to this ACL template from the DSCP Value list.

16. Do one of the following:

      - Click the radio button to the left of Yes in the Fragment option if you want to apply the rule to each fragment, or

      - Click the radio button to the left of No in the Fragment option if you want to apply the rule to first fragments.

   Traditional packet filtering matched only first fragments of IPv4 packets and allowed all subsequent non-first fragments to pass through. This resulted in security risks, as hackers can fabricate non-first fragments to attack networks.

17. Click the radio button to the left of Yes in the Logging option if you want to enable logging for this rule.

   This feature enables the logging of packet filtering only when a module (for example, a firewall) using the ACL supports logging.
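
The fragment note in step 16, as an added example (not from the H3C manual or IMC): a simplified Python model of a filter that inspects only first fragments, beside one that applies a Layer 3 match to every fragment. The addresses, port number, and function names are constructed for illustration and do not represent device behaviour.

```python
import socket
import struct

def build_ipv4(dst, frag_offset_units, more_fragments, payload):
    """Build a minimal constructed IPv4/TCP packet (checksum left at 0; sample data only)."""
    flags_frag = (0x2000 if more_fragments else 0) | frag_offset_units
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, 6, 0,
                         socket.inet_aton("192.0.2.10"), socket.inet_aton(dst))
    return header + payload

def fragment_kind(packet):
    """Return 'unfragmented', 'first' or 'non-first' from the flags/offset field."""
    flags_frag = struct.unpack("!H", packet[6:8])[0]
    offset, more = flags_frag & 0x1FFF, bool(flags_frag & 0x2000)
    if offset:
        return "non-first"
    return "first" if more else "unfragmented"

def tcp_dst_port(packet):
    """Destination port, or None when the packet carries no TCP header."""
    if fragment_kind(packet) == "non-first":
        return None  # payload is mid-segment data, not a TCP header
    ihl = (packet[0] & 0x0F) * 4
    return struct.unpack("!H", packet[ihl + 2:ihl + 4])[0]

def first_fragment_only_filter(packet, denied_port):
    """Traditional behaviour from the note: non-first fragments always pass."""
    if fragment_kind(packet) == "non-first":
        return "permit"
    return "deny" if tcp_dst_port(packet) == denied_port else "permit"

def every_fragment_filter(packet, denied_dst):
    """Simplified model: a Layer 3 match is evaluated on every fragment."""
    return "deny" if socket.inet_ntoa(packet[16:20]) == denied_dst else "permit"

# Constructed sample: one TCP segment to port 23, split into two fragments.
TCP_HDR = struct.pack("!HHIIBBHHH", 40000, 23, 0, 0, 0x50, 0x02, 1024, 0, 0)
FIRST = build_ipv4("198.51.100.5", 0, True, TCP_HDR + b"A" * 4)   # 24 bytes of payload
LATER = build_ipv4("198.51.100.5", 3, False, b"B" * 16)           # offset 3 * 8 = 24

if __name__ == "__main__":
    for name, pkt in (("FIRST", FIRST), ("LATER", LATER)):
        print(name, fragment_kind(pkt), tcp_dst_port(pkt),
              first_fragment_only_filter(pkt, 23),
              every_fragment_filter(pkt, "198.51.100.5"))
```

The non-first fragment has no TCP header, so a port-based rule has nothing to match and the first-fragment-only filter permits it, while the Layer 3 rule still sees the destination address on every fragment.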
