Configuring packet filtering with ACLs
This section describes procedures for applying an ACL to filter incoming or outgoing IPv4 or IPv6 packets
on the specified interface.
Applying an ACL to an interface for packet filtering
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Enter Ethernet interface view or VLAN-interface view. | interface interface-type interface-number | N/A |
| 3. Apply an ACL to the interface to filter packets. | packet-filter [ ipv6 ] { acl-number \| name acl-name } { inbound \| outbound } [ hardware-count ] | By default, an interface does not filter packets. You can apply up to one ACL to the same direction of an interface. |
Setting the interval for generating and outputting packet filtering logs
After you set the interval, the device periodically generates and outputs the packet filtering logs,
including the number of matching packets and the matched ACL rules.
To set the interval for generating and outputting packet filtering logs:
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Set the interval for generating and outputting packet filtering logs. | acl [ ipv6 ] logging interval interval | The default setting is 0 minutes, which means that no packet filtering logs are generated. |
Setting the packet filtering default action
| Step | Command | Remarks |
|---|---|---|
| 1. Enter system view. | system-view | N/A |
| 2. Set the packet filtering default action to deny. | packet-filter default deny | By default, the packet filter permits packets that do not match any ACL rule to pass. |
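A check of a saved configuration against the three settings above, as an added example that is not from the original manual: it reports whether the default action is still permit, whether packet filtering logs are disabled, and which interfaces have no packet-filter applied. The configuration text, ACL identifiers and interface names are constructed, and the saved-configuration layout (`#` separators, indented sub-commands, commands stored as typed, separate IPv4 and IPv6 log intervals) is an assumption.

```python
import re

# Constructed sample; the layout ("#" separators, indented sub-commands) is assumed.
SAMPLE_CONFIG = """\
#
 acl logging interval 5
#
interface GigabitEthernet1/0/1
 packet-filter 3000 inbound
#
interface GigabitEthernet1/0/2
#
interface Vlan-interface10
 packet-filter ipv6 name EDGE6 inbound hardware-count
 packet-filter 3001 outbound
#
"""

PF_RE = re.compile(r"^packet-filter\s+(ipv6\s+)?(?:name\s+)?(\S+)\s+(inbound|outbound)\b")
LOG_RE = re.compile(r"^acl\s+(ipv6\s+)?logging\s+interval\s+(\d+)$")

def audit(config):
    """Collect the default action, log intervals and per-interface ACL bindings."""
    result = {"default_deny": False, "interfaces": {},
              "log_interval": {"ipv4": 0, "ipv6": 0}}  # 0 = default, no logs
    current = None
    for raw in config.splitlines():
        line = raw.strip()
        if line in ("", "#"):
            current = None  # a separator closes the current interface block
        elif not raw[0].isspace() and line.startswith("interface "):
            current = line.split(None, 1)[1]
            result["interfaces"][current] = []
        elif line == "packet-filter default deny":
            result["default_deny"] = True
        elif (m := LOG_RE.match(line)):
            result["log_interval"]["ipv6" if m.group(1) else "ipv4"] = int(m.group(2))
        elif current and (m := PF_RE.match(line)):
            family = "ipv6" if m.group(1) else "ipv4"
            result["interfaces"][current].append((family, m.group(2), m.group(3)))
    return result

def findings(config):
    """List the gaps relative to the settings described in this section."""
    r = audit(config)
    out = [] if r["default_deny"] else ["default action is permit: unmatched packets pass"]
    out += [f"{fam} packet filtering logs disabled (interval 0)"
            for fam, n in r["log_interval"].items() if n == 0]
    out += [f"{name}: no packet-filter applied" for name, b in r["interfaces"].items() if not b]
    return out
```
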
Displaying and maintaining ACLs
Execute display commands in any view and reset commands in user view.