Configuring the IPv4 address prefix list on the firewall

Perform as follows to configure the IPv4 IP-prefix list on the firewall:
1. In the user view, run the system-view command to enter the system view.
2. Run the ip ip-prefix ip-prefix-name [ index index-number ] { permit | deny } ip-address mask-length [ greater-equal greater-equal-value ] [ less-equal less-equal-value ] command to configure the address prefix list.
The range of mask length can be specified as mask-length <= greater-equal-value <= less equal-value <= 32. If only greater-equal is specified, the range of the prefix is from greater-equal-value to 32; if only less-equal is specified, the range of the prefix is from mask-length to less-equal-value.
During the matching, the system checks entries identified by the index number in the ascending order. Once an entry meets the condition, it means that all entries pass the IP-prefix filtering. The system does not match other entries.
If the action in all entries is deny, no route is permitted by this filtering list. You are advised to define a permit 0.0.0.0 0 less-equal 32 entry behind the multiple entries with action deny to allow all the other routes to pass the IP-prefix filtering.
Note:
If more than one IP-prefix entry is defined, at least one entry should be in permit matching mode.

Scroll to top