| Parameter | Description | Value |
|---|---|---|
| ipv4 | Specifies IPv4 MPAC policies. | - |
| ipv6 | Specifies IPv6 MPAC policies. | - |
| security-policy-name | Specifies the name of an MPAC policy. | The value is a string of 1 to 31 case-sensitive characters without spaces and must start with a letter. |
MPAC policies can be configured to filter packets to be sent to the CPU, thereby helping protect devices against various types of attacks.
The display service-security policy command displays configurations of MPAC policies, such as the rules, step, and description.
# Display configurations of all IPv4 MPAC policies.
<sysname> display service-security policy ipv4
Policy Name : A1
Step : 5
Policy Name : a1
Step : 5
Policy Name : a123456789012345678901234567890
Step : 5
rule 5 deny protocol tcp source-ip 10.1.1.1 1.1.1.1 destination-ip 10.1.1.2 1.1.1.1 source-port 65534 destination-port 55100
rule 10 deny protocol tcp source-ip 10.1.1.1 1.1.1.1 destination-ip 10.1.1.2 1.1.1.1 source-port 65534 destination-port 55101
Policy Name : beijing
Description : mpac policy for ipv4
Step : 2
rule 2 permit protocol any
rule 4 deny protocol any
rule 6 permit protocol bgp source-ip 10.1.1.1 0 destination-ip 10.1.1.2 0
rule 12 permit protocol ftp source-ip 10.1.1.1 0 destination-ip 10.1.1.2 0
rule 14 permit protocol ip source-ip 10.1.1.1 0 destination-ip 10.1.1.2 0
rule 16 permit protocol ldp source-ip 10.1.1.1 0 destination-ip 10.1.1.2 0
rule 20 permit protocol ntp source-ip 10.1.1.1 0 destination-ip 10.1.1.2 0
Policy Name : huawei
Step : 5
rule 5 permit protocol tcp source-ip 127.1.1.1 0 source-port 1000
rule 10 permit protocol ip source-ip 10.10.1.0 0.0.0.255
Policy Name : huawei1
Step : 5
Policy Name : huawei1#
Step : 5