Editing and creating rules
About this task
To create or edit a policy rule, you must enter the context of the rule. If the rule already exists,
you can edit the rule from the rule context. If the rule does not exist, entering the rule context
creates the rule.
Procedure
1. Enter the context of the list in which you want to create or edit a rule.
2. Enter ip-rule followed by the number of the rule you want to create or edit.
For example, to create rule 1, enter ip-rule 1.
Policy lists rule criteria
Rules work in the following ways, depending on the type of list and the type of information in
the packet:
• Layer 4 rules in an access control list with a Permit operation are applied to non-initial
fragments
• Layer 4 rules in an access control list with a Deny operation are not applied to non-initial
fragments, and the device continues checking the next IP rule. This prevents fragments
that belong to other Layer 4 sessions from being blocked along with the Layer 4 session
that the rule blocks.
• Layer 3 rules apply to non-initial fragments
• Layer 3 rules that include the fragment criteria do not apply to initial fragments or non-
fragment packets
• Layer 3 rules that do not include the fragment criteria apply to initial fragments and non-
fragment packets
• Layer 4 rules apply to initial fragments and non-fragment packets
• Layer 3 and Layer 4 rules in QoS and policy-based routing lists apply to non-initial
fragments
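The criteria above, written as a small Python model (an added example, not Avaya code or CLI syntax). The `Rule` fields, the list-type labels "acl", "qos" and "pbr", and the function names are assumptions made for this example; it models only whether a rule is applied to a kind of packet, not how the rule's criteria are matched.

```python
from dataclasses import dataclass

# Packet kinds distinguished by the criteria list above.
NON_FRAGMENT, INITIAL, NON_INITIAL = "non-fragment", "initial", "non-initial"

@dataclass(frozen=True)
class Rule:                      # hypothetical model of one ip-rule entry
    number: int                  # the N in "ip-rule N"
    layer: int                   # 3 or 4: layer of the rule's criteria
    operation: str = "permit"    # "permit" or "deny" (access control lists)
    fragment: bool = False       # Layer 3 rule includes the fragment criteria

def applies(list_type: str, rule: Rule, packet: str) -> bool:
    """True if `rule` is applied to `packet` in a list of `list_type`.

    list_type is "acl", "qos" or "pbr" (labels assumed for this example).
    """
    if packet == NON_INITIAL:
        if rule.layer == 3:
            return True                        # Layer 3 rules always apply
        if list_type == "acl":
            return rule.operation == "permit"  # Layer 4 Deny is skipped
        return True                            # QoS and policy-based routing
    # Initial fragment or non-fragment packet.
    if rule.layer == 3:
        return not rule.fragment               # fragment criteria exclude these
    return True                                # Layer 4 rules apply

def rules_applied(list_type, rules, packet):
    """Numbers of the rules applied to `packet`, in list order."""
    return [r.number for r in rules if applies(list_type, r, packet)]

def skipped_for_fragments(list_type, rules):
    """Rules that non-initial fragments pass over to reach the next rule."""
    return [r.number for r in rules if not applies(list_type, r, NON_INITIAL)]

# Constructed sample list, not taken from a real gateway configuration.
SAMPLE = [
    Rule(1, layer=4, operation="deny"),
    Rule(2, layer=4, operation="permit"),
    Rule(3, layer=3, operation="permit", fragment=True),
    Rule(4, layer=3, operation="deny"),
]

if __name__ == "__main__":
    for kind in (NON_FRAGMENT, INITIAL, NON_INITIAL):
        print(kind, rules_applied("acl", SAMPLE, kind))
    print("skipped for non-initial fragments:", skipped_for_fragments("acl", SAMPLE))
```

When reviewing an access control list, `skipped_for_fragments` shows which Deny rules leave non-initial fragments to be decided by a later rule.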
Related topics:
Specifying IP protocol on page 570
Specifying a range of IP addresses on page 570
Specifying source and destination port range on page 571
Applying the rule to ICMP type and code on page 572
Specifying TCP establish bit on page 573
Policy lists
Administering Avaya G430 Branch Gateway October 2013 569