Configuring an IPv6 object policy rule

You can specify an existing object group in an IPv6 object policy rule for matching target IPv6 packets. If no object group is specified for a rule, the rule applies to all IPv6 packets.

The following object groups can be used in a rule for packet matching:

For more information about object groups, see "Configuring object groups."

To configure an IPv6 object policy rule:

Step

Command

Remarks

1. Enter system view.

system-view

N/A

2. Enter IPv6 object policy view.

object-policy ipv6 object-policy-name

N/A

3. Configure an IPv6 object policy rule.

rule [ rule-id ] { drop | pass | inspect app-profile-name } [ [ source-ip { object-group-name | any } ] [ destination-ip { object-group-name | any } ] [ service { object-group-name | any } ] [ vrf vrf-name ] [ application application-name ] [ app-group app-group-name ] [ counting ] [ disable ] [ logging ] [ track [ negative ] track-entry-number ] [ time-range time-range-name ] ] *

By default, no IPv6 object policy rules are configured.

If you specify a nonexistent object group, the rule does not match packets.

4. (Optional.) Configure a description for the rule.

rule rule-id comment text

By default, an object policy rule does not have a description.