[x]

ACL commands > packet-filter global

 

 Next

packet-filter global

Use packet-filter global to apply an ACL to filter packets globally.

Use undo packet-filter global to remove an ACL for filtering packets globally.

Syntax

packet-filter [ ipv6 ] { acl-number | name acl-name } global { inbound | outbound } [ hardware-count ]

undo packet-filter [ ipv6 ] { acl-number | name acl-name } global { inbound | outbound }

Default

Physical interfaces do not filter packets.

Views

System view

Predefined user roles

network-admin

mdc-admin

Parameters

acl-number: Specifies an ACL by its number:

name acl-name: Specifies an ACL by its name. The acl-name argument is a case-insensitive string of 1 to 63 characters. It must start with an English letter. For a basic ACL or advanced ACL, if you do not specify the ipv6 keyword, this option specifies the name of an IPv4 basic ACL or advanced ACL; if you specify the ipv6 keyword, this option specifies the name of an IPv6 basic ACL or advanced ACL.

global: Specifies all physical interfaces.

inbound: Filters incoming packets.

outbound: Filters outgoing packets.

hardware-count: Enables counting ACL rule matches performed in hardware. This keyword enables match counting for all rules in an ACL, and the counting keyword in the rule command enables match counting specific to rules. If the hardware-count keyword is not specified, rule matches for the ACL are not counted.

Examples

# Apply IPv4 basic ACL 2001 to filter incoming traffic on all physical interfaces, and enable counting ACL rule matches performed in hardware.

<Sysname> system-view
[Sysname] packet-filter 2001 global inbound hardware-count

Related commands

prev

 

up

 next

packet-filter default hardware-count 

home

 packet-filter vlan

© Copyright 2014 Hewlett-Packard Development Company, L.P.