< Home

firewall fragment-drop enable

Function

The firewall fragment-drop enable command drops ACL fragmented packets.

The undo firewall fragment-drop enable command cancels the previous configuration.

Format

firewall fragment-drop enable acl-number

undo firewall fragment-drop enable

Parameters

Parameter Description Value
acl-number Specifies the number of a basic ACL. The value is an integer ranging from 2000 to 3999.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

By default, this function is disabled.

This command takes effect only when the rule in the associated ACL is deny.

Example

# Drop fragmented packets that match a basic ACL with ID 2001.

<sysname> system view
[sysname] firewall fragment-drop enable 2001
Parent Topic: IP Performance Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >