Modifying the link rule of a link acl template – H3C Technologies H3C Intelligent Management Center User Manual

Traditional packet filtering matched only first fragments of IPv4 packets and allowed all subsequent non-first fragments to pass through. This resulted in security risks as hackers can fabricate non-first fragments to attack networks.

16. Click the radio button to the left of Yes in the Logging option if you want to enable logging for this rule.
    This feature enables the logging of packet filtering only when the module (for example, a firewall) that is using the ACL supports logging.

17. Enter the VPN instance you want to apply to this rule by entering the VPN-instance-name in the VPN Instance field.
    A valid entry must be 0 – 31 characters that cannot contain question marks or blank spaces. This field is case sensitive. If no VPN instance is specified in this field, the rule applies only to non-VPN packets.

18. Click OK to accept the modifications to the rule.

19. Click OK to accept the modifications to the template.

Modifying the link rule of a link ACL template

To modify the link rule of a link ACL template:

1. Navigate to ACL Template:

   a. Click the Service tab from the tabular navigation system on the top.

   b. Click the ACL Management section of the navigation tree on the left.

   c. Click the ACL Template link located under ACL Management on the navigation tree on the left.
      The Template List displays in the main pane of the page.

2. Click the icon in the Modify field associated with the link template you want to modify.
   The Modify Template displays with the Rule List for the selected ACL template in the main pane.

3. Click the icon in the Modify field associated with the rule you want to modify.

4. Select the action you want to take by clicking the radio button to the left of the option you want to apply to this rule:

   • Select permit if, upon matching the specified conditions, the packet should be forwarded.

   • Select deny if, upon matching the specified conditions, the packet should be discarded.

5. Enter a named variable for this ACL template in the Time Range field. This allows you to create a named variable without requiring you to enter the Time Range in the template.
   The named variable then serves as a placeholder for the Time Range you created using the Assistant combination when you import the template as a rule set into an existing ACL.

6. Select the source MAC address option you want to use by clicking the radio button to the left of the desired option in the Source MAC Addr field of the Basic Info section.
   This option specifies where the pattern matching occurs in this template rule. In this case, the pattern matching is applied to the source MAC address.

   All: Allows you to permit or deny traffic for all MAC addresses.

   MAC Address/Mask: Allows you to enter a specific MAC address and mask for which you want to either permit or deny traffic.
   A valid MAC address format for IMC consists of three sets of four hexadecimal characters separated by a dash, "-". For example,

   0014-2ad9-05f7

   would be a valid entry for a MAC address in IMC.
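
A pre-flight check for values destined for the Source MAC Addr and VPN Instance fields, as an added example that is not part of the H3C manual or of IMC: it converts common MAC notations to the dashed form shown above and applies the VPN Instance length and character rules stated earlier on this page. The function names and sample rows are constructed for illustration, and lower-casing the hex digits follows the manual's example rather than a documented requirement.

```python
import re

_SEP = re.compile(r"[:.\-]")  # separators used by common MAC notations


def to_imc_mac(value):
    """Return a MAC address as xxxx-xxxx-xxxx, or raise ValueError."""
    text = value.strip()
    groups = _SEP.split(text)
    # Accept 12 bare digits, 3 groups of 4, or 6 groups of 2. Mixed separators
    # (for example "00:14-2a...") usually mean a copy/paste error, so reject.
    if len(groups) not in (1, 3, 6) or len(set(_SEP.findall(text))) > 1:
        raise ValueError(f"not a MAC address: {value!r}")
    if any(len(g) != 12 // len(groups) for g in groups):
        raise ValueError(f"not a MAC address: {value!r}")
    digits = "".join(groups).lower()  # assumption: lower case, as in the manual
    if not re.fullmatch(r"[0-9a-f]{12}", digits):
        raise ValueError(f"not a MAC address: {value!r}")
    return "-".join(digits[i:i + 4] for i in (0, 4, 8))


def valid_vpn_instance(name):
    """0 to 31 characters, no question marks or blank spaces (empty = non-VPN)."""
    return len(name) <= 31 and "?" not in name and " " not in name


def preflight(rows):
    """Split (mac, vpn_instance) rows into form-ready entries and rejects."""
    ready, rejected = [], []
    for mac, vpn in rows:
        try:
            imc_mac = to_imc_mac(mac)
        except ValueError as exc:
            rejected.append((mac, vpn, str(exc)))
            continue
        if valid_vpn_instance(vpn):
            ready.append((imc_mac, vpn))
        else:
            rejected.append((mac, vpn, "invalid VPN instance name"))
    return ready, rejected


# Constructed sample rows, not taken from the manual.
SAMPLE_ROWS = [
    ("00:14:2A:D9:05:F7", "Branch_A"),
    ("0014.2ad9.05f7", ""),
    ("0014-2ad9-05f", "Branch_A"),       # one digit short
    ("00-14-2a-d9-05-f7", "guest vpn"),  # blank space in the name
]

if __name__ == "__main__":
    print(preflight(SAMPLE_ROWS))
```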