apply deny

Function

The apply deny command enables a device to discard the traffic matching a filtering rule.

The undo apply deny command cancels the configuration.

By default, no traffic is discarded.

Format

apply deny

undo apply deny

Parameters

None

Views

Flow-Route-IPv6 view, Flow-Route view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
flow-route write

Usage Guidelines

Usage Scenario

When the apply deny command is configured for a BGP (IPv6) Flow Specification route or BGP (IPv6) VPN Flow Specification route, the traffic matching a filtering rule is discarded to protect the target device from attacks, and to ensure network security.

Prerequisites

A BGP (IPv6) Flow Specification route or BGP (IPv6) VPN Flow Specification route has been configured using the flow-route command in the system view.

Example

# Configure a filtering action for static BGP Flow Specification route Rule 1 to discard the traffic matching a filtering rule.
<HUAWEI> system-view
[~HUAWEI] flow-route Rule1
[*HUAWEI-flow-route] if-match port equal 24
[*HUAWEI-flow-route] apply deny
# Configure the operation of discarding matching traffic in static BGP IPv6 Flow Specification route Rule 1.
<HUAWEI> system-view
[~HUAWEI] flow-route Rule1 ipv6
[*HUAWEI-flow-route-ipv6] if-match port equal 24
[*HUAWEI-flow-route-ipv6] apply deny
Parent Topic: BGP Flow Specification Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >