| Parameter | Description | Value |
|---|---|---|
| rule-name1 | Specifies the name of a rule to be moved. | The specified security policy rule must exist. |
| after | Moves rule-name1 after rule-name2. | - |
| before | Moves rule-name1 before rule-name2. | - |
| rule-name2 | Specifies the name of the target rule. | The specified security policy rule must exist. |
| up | Moves the rule before the upper one. | - |
| down | Moves the rule after the lower one. | - |
| top | Moves the rule to the top. | - |
| bottom | Moves the rule to the bottom (before the default policy). | - |
You can configure multiple PBR rules on the FW. The priorities of the PBR rules determine the matching sequence. Rules with higher priorities are matched earlier.
In the PBR view, the display this command displays the priorities of the PBR rules, and the rule move command changes the priorities of the PBR rules.
# Display the priorities of PBR rules.
<sysname> system-view
[sysname] policy-based-route
[sysname-policy-pbr] display this
#
policy-based-route
rule name abc_01
source-zone dmz
action pbr next-hop 10.1.1.1
rule name abc_02
source-address range 10.1.1.0 10.1.1.255
action pbr egress-interface GigabitEthernet0/0/1
rule name abc_03
ingress-interface GigabitEthernet0/0/3
action pbr next-hop 10.9.9.9
#
The priority sequence of the PBR rules is abc_01, abc_02, and abc_03 in descending order.
# Change the priority of abc_03 to be higher than that of abc_02.
[sysname-policy-pbr] rule move abc_03 before abc_02
[sysname-policy-pbr] display this
policy-based-route
rule name abc_01
source-zone dmz
action pbr next-hop 10.1.1.1
rule name abc_03
ingress-interface GigabitEthernet0/0/1
action pbr next-hop 10.9.9.9
rule name abc_02
source-address range 10.1.1.0 10.1.1.255
action pbr egress-interface GigabitEthernet0/0/3
The priority sequence of the PBR rules is abc_01, abc_03, and abc_02 in descending order.