rule move (security policy view)

Function

The rule move command moves a security policy rule to change the priority of the security policy rule.

Format

rule move rule-name1 { { after | before } rule-name2 | up | down | top | bottom }

Parameters

Parameter	Description	Value
rule-name1	Specifies the name of a rule to be moved.	The specified security policy rule must exist.
after	Moves rule-name1 after rule-name2.	-
before	Moves rule-name1 before rule-name2.	-
rule-name2	Specifies the name of the target rule.	The specified security policy rule must exist.
up	Moves the rule before the upper one.	-
down	Moves the rule after the lower one.	-
top	Moves the rule to the top.	-
bottom	Moves the rule to the bottom (before the default policy).	-

Views

Security policy view

Default Level

2: Configuration level

Usage Guidelines

The topmost security policy rule has the highest priority and is matched first. The security policy configured first ranks topmost and has the highest priority, unless you manually adjust the priority.

You can use the rule move command to move a security policy rule to change its priority.

After you move rule-name1 to before or after rule-name2, whether rule-name1 is added to a policy group must be the same as rule-name2. That is, if rule-name2 belongs to a policy group, rule-name1 must also be added to the policy group after rule-name1 is moved. If rule-name2 does not belong to any policy group, rule-name1 is not added to any policy group after rule-name1 is moved.

Example

# Move security policy rule test1 to before test2.

<sysname> system-view
[sysname] security-policy
[sysname-policy-security] rule move test1 before test2