rule

Function

The rule ipv4 command configures a whitelist rule for IPv4 addresses.

The undo rule ipv4 command deletes a whitelist rule for IPv4 addresses.

The rule ipv6 command configures a whitelist rule for IPv6 addresses.

The undo rule ipv6 command deletes a whitelist rule for IPv6 addresses.

By default, no whitelist rule is configured.

Format

rule rule-name ipv4 { source { src-ip-address [ src-mask-length ] | any src-mask-length } | destination { dest-ip-address [ dest-mask-length ] | any dest-mask-length } | protocol { { tcp | udp | sctp | protocol-number4 | protocol-number5 | protocol-number6 } [ source-port src-port-number ] [ destination-port dest-port-number ] | { protocol-number | protocol-number3 | protocol-number7 | protocol-number8 } } } *

rule rule-name ipv6 { source-ipv6 { src-ipv6-address [ src6-mask-length ] | any src6-mask-length } | destination-ipv6 { dest-ipv6-address [ dest6-mask-length ] | any dest6-mask-length } | protocol { { tcp | udp | sctp | protocol-number4 | protocol-number5 | protocol-number6 } [ source-port src-port-number ] [ destination-port dest-port-number ] | { protocol-number | protocol-number3 | protocol-number7 | protocol-number8 } } } *

undo rule rule-name ipv4 [ source { src-ip-address [ src-mask-length ] | any src-mask-length } ] [ destination { dest-ip-address [ dest-mask-length ] | any dest-mask-length } ] [ protocol { { tcp | udp | sctp | protocol-number4 | protocol-number5 | protocol-number6 } [ source-port src-port-number ] [ destination-port dest-port-number ] | { protocol-number | protocol-number3 | protocol-number7 | protocol-number8 } } ]

undo rule rule-name ipv6 [ source-ipv6 { src-ipv6-address [ src6-mask-length ] | any src6-mask-length } ] [ destination-ipv6 { dest-ipv6-address [ dest6-mask-length ] | any dest6-mask-length } ] [ protocol { { tcp | udp | sctp | protocol-number4 | protocol-number5 | protocol-number6 } [ source-port src-port-number ] [ destination-port dest-port-number ] | { protocol-number | protocol-number3 | protocol-number7 | protocol-number8 } } ]

Parameters

| Parameter | Description | Value |
|---|---|---|
| rule-name | Specifies the name of a whitelist rule. | The value is a string of 1 to 31 case-sensitive characters, spaces not supported. |
| source src-ip-address | Specifies a source IPv4 address. | The value is in dotted decimal notation. |
| src-mask-length | Specifies a mask length for the source IPv4 address of a target flow. | The value is an integer ranging from 1 to 32. |
| any | Specifies that any address is masked to match the dynamic flow. | - |
| destination dest-ip-address | Specifies a destination IPv4 address. | The value is in dotted decimal notation. |
| dest-mask-length | Specifies a mask length for the destination IPv4 address of a target flow. | The value is an integer ranging from 1 to 32. |
| protocol | Specifies a protocol type. | - |
| tcp | Indicates that the protocol type is TCP. | - |
| udp | Indicates that the protocol type is UDP. | - |
| protocol-number4 | Specifies a protocol number. | The value is 6. |
| protocol-number5 | Specifies a protocol number. | The value is 17. |
| source-port src-port-number | Specifies a start source port number for a target flow. | The value is an integer ranging from 1 to 65535. |
| destination-port dest-port-number | Specifies a start destination port number for a target flow. | The value is an integer ranging from 1 to 65535. |
| protocol-number | Specifies a protocol number. | The value is an integer ranging from 0 to 5. |
| protocol-number3 | Specifies a protocol number. | The value is an integer ranging from 7 to 16. |
| source-ipv6 src-ipv6-address | Specifies a source IPv6 address. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
| src6-mask-length | Specifies a mask length for the source IPv6 address of a target flow. | The value is an integer that ranges from 32 to 96. |
| destination-ipv6 dest-ipv6-address | Specifies a destination IPv6 address. | The value is a 32-digit hexadecimal number, in the format of X:X:X:X:X:X:X:X. |
| dest6-mask-length | Specifies a mask length for the destination IPv6 address of a target flow. | The value is an integer that ranges from 32 to 128. |
| sctp | Indicates that the protocol type is SCTP. | - |
| protocol-number6 | Specifies a protocol type. | The value is 132. |
| protocol-number7 | Specifies a protocol type. | The value is an integer ranging from 18 to 131. |
| protocol-number8 | Specifies a protocol type. | The value is an integer ranging from 133 to 254. |

Views

IFIT-whitelist-group view

Default Level

2: Configuration level

Task Name and Operations

| Task Name | Operations |
|---|---|
| ifit | write |

Usage Guidelines

Usage Scenario

This command is used to configure whitelist rules in a whitelist group.

Precautions

If the IP address in the whitelist rule is set to any, the mask length must be greater than or equal to 8.

If IPv4 is specified in the whitelist rule, the protocol number cannot be 1. If IPv6 is specified in the whitelist rule, the protocol number cannot be 58. Otherwise, the function does not take effect.
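
The value ranges in the Parameters section and the precautions above can be checked before a rule is pushed to a device. The following Python linter is an added example, not Huawei code: the names lint_rule, NO_EFFECT and MASKS and the error messages are assumptions, and it enforces only the constraints stated on this page.

```python
import ipaddress

NAMED = ("tcp", "udp", "sctp")
PORT_PROTOS = set(NAMED) | {"6", "17", "132"}   # only these accept port options
NO_EFFECT = {"ipv4": "1", "ipv6": "58"}         # numbers excluded by the Precautions
ADDR = {"ipv4": ipaddress.IPv4Address, "ipv6": ipaddress.IPv6Address}
# (source, destination) mask-length ranges from the Parameters section
MASKS = {"ipv4": ((1, 32), (1, 32)), "ipv6": ((32, 96), (32, 128))}

def lint_rule(line):
    """Return the problems found in one 'rule <name> ipv4|ipv6 ...' line."""
    tok = line.split()
    if len(tok) < 4 or tok[0] != "rule" or tok[2] not in MASKS:
        return ["expected: rule <rule-name> ipv4|ipv6 <options>"]
    name, fam, rest, errs, i = tok[1], tok[2], tok[3:], [], 0
    if len(name) > 31:
        errs.append("rule-name longer than 31 characters")
    sfx = "" if fam == "ipv4" else "-ipv6"
    while i < len(rest):
        kw, arg = rest[i], rest[i + 1] if i + 1 < len(rest) else ""
        if kw in ("source" + sfx, "destination" + sfx):
            mask = int(rest[i + 2]) if i + 2 < len(rest) and rest[i + 2].isdecimal() else None
            lo, hi = MASKS[fam][kw.startswith("destination")]
            if arg == "any" and (mask is None or mask < 8):
                errs.append(f"{kw} any needs a mask length >= 8")
            elif arg != "any":
                try:
                    ADDR[fam](arg)
                except ValueError:
                    errs.append(f"{kw}: {arg!r} is not a valid {fam} address")
            if mask is not None and not lo <= mask <= hi:
                errs.append(f"{kw} mask length must be {lo} to {hi}")
            i += 2 if mask is None else 3
        elif kw == "protocol":
            if arg not in NAMED and not (arg.isdecimal() and int(arg) <= 254):
                errs.append("protocol must be tcp, udp, sctp or 0 to 254")
            elif arg == NO_EFFECT[fam]:
                errs.append(f"protocol {arg} does not take effect in an {fam} rule")
            i += 2
            while i + 1 < len(rest) and rest[i] in ("source-port", "destination-port"):
                if arg not in PORT_PROTOS:
                    errs.append(f"{rest[i]} requires tcp, udp or sctp")
                if not (rest[i + 1].isdecimal() and 1 <= int(rest[i + 1]) <= 65535):
                    errs.append(f"{rest[i]} must be 1 to 65535")
                i += 2
        else:
            errs.append(f"unexpected token {kw!r}")
            i += 1
    return errs
```

Calling lint_rule on each rule line of a planned configuration returns an empty list for a rule that satisfies these constraints, so a non-empty result can block the change before it reaches the whitelist group.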

Example

# Create a whitelist rule for iFIT flows.
<HUAWEI> system-view
[~HUAWEI] ifit
[*HUAWEI-ifit] whitelist-group 1
[*HUAWEI-ifit-whitelist-group-1] rule rule1 ipv4 source 10.1.1.1 24 destination 10.1.2.2 24 protocol tcp
Copyright © Huawei Technologies Co., Ltd.