25
To view the existing IPv4 basic and advanced ACL rules, use the display acl all command.
The rule ID is required in the undo rule rule-id command.
If you do not specify optional parameters, the undo rule rule-id command deletes the entire rule. If
you specify optional parameters, the undo rule rule-id command deletes the specified attributes.
The undo rule { deny | permit } command can only be used to delete the entire rule. You must
specify all the attributes of the rule for the command.
The counting keyword in this command enables match counting specific to rules, and the
hardware-count keyword in the packet-filter command enables match counting for all rules in an
ACL.
Examples
# Create a rule in IPv4 basic ACL 2000 to deny the packets from any source IP subnet but 10.0.0.0/8,
172.17.0.0/16, or 192.168.1.0/24.
<Sysname> system-view
[Sysname] acl basic 2000
[Sysname-acl-ipv4-basic-2000] rule permit source 10.0.0.0 0.255.255.255
[Sysname-acl-ipv4-basic-2000] rule permit source 172.17.0.0 0.0.255.255
[Sysname-acl-ipv4-basic-2000] rule permit source 192.168.1.0 0.0.0.255
[Sysname-acl-ipv4-basic-2000] rule deny source any
Related commands
acl
acl logging interval
display acl
step
time-range
rule (IPv6 advanced ACL view)
Use rule to create or edit an IPv6 advanced ACL rule.
Use undo rule to delete an entire IPv6 advanced ACL rule or some attributes in the rule.
Syntax
rule [ rule-id ] { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst
rst-value | syn syn-value | urg urg-value } * | established } | counting | destination { dest-address
dest-prefix | dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp |
flow-label flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } |
logging | routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address
source-prefix | source-address/source-prefix | any } | source-port operator port1 [ po
rt2 ] |
time-range time-range-name | vpn-instance vpn-instance-name ] *
undo rule rule-id [ { { ack | fin | psh | rst | syn | urg } * | established } | counting | destination |
destination-port | dscp | flow-label | fragment | icmp6-type | logging | routing | hop-by-hop |
source | source-port | time-range | vpn-instance ] *
undo rule { deny | permit } protocol [ { { ack ack-value | fin fin-value | psh psh-value | rst rst-value
| syn syn-value | urg urg-value } * | established } | counting | destination { dest-address de
st-prefix
| dest-address/dest-prefix | any } | destination-port operator port1 [ port2 ] | dscp dscp | flow-label
flow-label-value | fragment | icmp6-type { icmp6-type icmp6-code | icmp6-message } | logging |
routing [ type routing-type ] | hop-by-hop [ type hop-type ] | source { source-address source-prefix
| source-address/source-prefix | any } | source-port operator port1 [ port2 ] | time-range
time-range-name | vpn-instance vpn-instance-name ] *
To Next Page
Loading...
