H3C Technologies H3C Intelligent Management Center User Manual

a. Select the destination TCP or UDP port by clicking the radio button to the left of the port option you want to apply in the Destination Port section of the Configure Rule – Add Rule page:

   - Undefined: Allows you to permit or deny traffic for all TCP or UDP port numbers.
   - Specified Port: Allows you to identify a specific TCP or UDP port number or range of numbers.

b. Click the radio button to the left of Specified Port and select the operator you want to use from the list located to the right of the Specified Port option.

c. Enter the TCP or UDP port number in the Port field.

21. If you selected TCP or UDP as the protocol you want to apply this ACL rule to in Step 12, you could be prompted to select these options:

   - Click the radio button to the left of Yes in the HP ACK option if you want to apply the rule to match the TCP ACK; otherwise, click the radio button to the left of No.
   - Click the radio button to the left of Yes in the HP FIN option if you want to apply the rule to match the TCP FIN; otherwise, click the radio button to the left of No.
   - Click the radio button to the left of Yes in the HP RST option if you want to apply the rule to match the TCP RST; otherwise, click the radio button to the left of No.
   - Click the radio button to the left of Yes in the HP SYN option if you want to apply the rule to match the TCP SYN; otherwise, click the radio button to the left of No.

   The HP ACK, HP FIN, HP RST, or HP SYN settings are valid only for the HP E series devices.

22. Select the IP priority you want to apply to ACL from the IP Priority list.

23. Select the Type of Service for this ACL from the TOS Value list.

24. Select the DSCP value you want to apply to this ACL from the DSCP Value list.

25. Do one of the following:

   - Click the radio button to the left of Yes in the Fragment option if you want to apply the rule to each fragment.
   - Click the radio button to the left of No in the Fragment option if you want to apply the rule to first fragments.

   Traditional packet filtering matched only first fragments of IPv4 packets and allowed all subsequent non-first fragments to pass through. This created a security risk, because attackers can fabricate non-first fragments to attack networks.

26. Click the radio button to the left of Yes in the Logging option if you want to enable logging for this rule.

   This feature enables the logging of packet filtering only when a module (for example, a firewall) using the ACL supports logging.

27. Enter the VPN instance you want to apply to this rule by entering the VPN-instance-name in the VPN Instance field.

   A valid entry must be 0–31 characters that cannot contain question marks or blank spaces. This field is case sensitive. If no VPN instance is specified in this field, the rule applies to non-VPN packets only.

28. Click OK to create the rule you have just configured.

29. To add more rules, modify, copy, sort, optimize or delete existing rules, select one of the following:

   - To add more rules to the ACL, repeat Steps 14-27.
   - To modify rules you have already created, click the Modify icon associated with the rule sequence you want to modify. For more information about modifying a rule set, see "Adding or modifying an advanced rule in an advanced rule set."
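The fragment behaviour described under the Fragment option in step 25, as an added example that is not part of the H3C manual: a simplified Python model of one deny rule evaluated with and without matching every fragment. The packet bytes, addresses and function names are constructed for illustration, and the rule logic is an assumption about a generic packet filter, not the IMC or device implementation.

```python
import struct

MF = 0x2000           # "more fragments" flag in the IPv4 flags/offset field
OFFSET_MASK = 0x1FFF  # fragment offset, counted in 8-byte units

def build_packet(offset_units, more_fragments, payload):
    """Constructed IPv4 packet (protocol 6 = TCP, checksum left at 0)."""
    flags_frag = (MF if more_fragments else 0) | (offset_units & OFFSET_MASK)
    header = struct.pack("!BBHHHBBH4s4s", 0x45, 0, 20 + len(payload), 0x1234,
                         flags_frag, 64, 6, 0,
                         bytes([192, 0, 2, 1]), bytes([198, 51, 100, 7]))
    return header + payload

def classify(packet):
    """Return 'unfragmented', 'first' or 'non-first' from the IPv4 header."""
    (flags_frag,) = struct.unpack("!H", packet[6:8])
    if flags_frag & OFFSET_MASK:
        return "non-first"
    return "first" if flags_frag & MF else "unfragmented"

def evaluate(packet, deny_dst, deny_port, every_fragment):
    """Toy deny rule on destination address and TCP destination port.

    every_fragment=False models the traditional behaviour the manual warns
    about: non-first fragments are never matched and pass through.
    every_fragment=True matches non-first fragments on layer 3 fields only,
    because they carry no TCP header to read a port from.
    """
    ihl = (packet[0] & 0x0F) * 4
    dst_matches = packet[16:20] == deny_dst
    if classify(packet) == "non-first":
        return "deny" if every_fragment and dst_matches else "permit"
    (dport,) = struct.unpack("!H", packet[ihl + 2:ihl + 4])
    return "deny" if dst_matches and dport == deny_port else "permit"

# Constructed sample: one TCP segment to port 23 split into two fragments.
DST = bytes([198, 51, 100, 7])
tcp_start = struct.pack("!HH", 40000, 23) + b"\x00" * 20  # ports + 20 more bytes
first = build_packet(0, True, tcp_start)                  # bytes 0..23 of the segment
second = build_packet(3, False, b"\x00" * 16)             # offset 3 * 8 = 24 bytes

if __name__ == "__main__":
    for name, pkt in (("first", first), ("second", second)):
        print(name, classify(pkt),
              evaluate(pkt, DST, 23, every_fragment=False),
              evaluate(pkt, DST, 23, every_fragment=True))
```

The second fragment is permitted when only first fragments are matched and denied when every fragment is matched, which is the gap the Fragment option is described as closing.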
