Reflective ACL is a state-based dynamic access control technology primarily used for network security protection. Its core principle involves monitoring outbound sessions initiated from the internal network to automatically generate temporary reverse rules. These rules permit response traffic to return while blocking unauthorized access initiated from external sources.

Interface 1 of the router connects to internal network users, while Interface 2 connects to the Internet. Configure a reflexive ACL on the outbound direction of Interface 2. Internal network hosts must first access servers on the Internet before Internet servers are permitted to access internal network hosts.

Geosite/Geoip Configuration Guide

Reflect-acl Configuration Guide

delete-span-style

Preface

Routing & Gateway

Getting Started with VMware ESXi

Getting Started with Linux KVM

Applicable Hardware Models

VPP Router Overview of Router Functional Modules

First Use

System Configuration Guide

Interface Management Configuration Guide

PPPoE Interface Configuration Guide

MAC Configuration Guide

LAG Configuration Guide

VLAN Configuration Guide

MSTP Configuration Guide

QinQ Configuration Guide

MC-LAG Configuration Guide

MVRP Configuration Guide

DHCP Configuration Guide

NAT Configuration Guide

MAP Configuration Guide

BGP Configuration Guide

OSPF Configuration Guide

Policy Routing Configuration Guide

Security Configuration Guide

ACL Configuration Guide

QoS Configuration Guide

Network Monitoring Configuration Guide

Network Management Configuration Guide

User Access and Authentication Configuration Guide

Reliability Configuration Guide

TRACK and SLA Configuration Guide

VRRP Configuration Guide

IPSec Configuration Guide

WireGuard Configuration Guide

DNS Configuration Guide

Configuration Guide

Login System

Enter The Command Line Configuration Interface

Device Upgrade

System Boot Configuration

Basic Configuration

Device Status

Device Configuration

NTP Configuration

System Time Configuration

POE Configuration

Device Management

Interface Basic Configuration

Sub-interface Configuration

Loopback Interface Configuration

Port Group Configuration

Interface Bandwidth Utilization Alert

Interface Management

Link Aggregation Configuration

MC-LAG Configuration

LLDP Configuration

VLAN Configuration

MAC Configuration

Interface Isolation Group Configuration

STP Configuration

QinQ Configuration

MVRP Configuration

Ethernet Switching

IPv4 Configuration

ARP Configuration

ARP To Host Routing Configuration

DHCP Relay Configuration

DHCP Server Configuration

IPv6 Configuration

NAT Configuration

PPPoE Configuration

MAP Configuration

IP Service

Static Route-configuration

BGP Configuration

OSPF Configuration

Route Map

Policy Route Configuration

IP Unicast Routing

9-1-acl-configuration

9-2-network-traffic-security-inspection

9-3-dhcp-snooping-configuration

ND Snooping Configuration

User Binding Rule Configuration

IPv6 RA Guard Configuration

IPSG Configuration

SAVI Configuration

ARP Detection Configuration

Security Configuration

Priority Map Configuration

Traffic Regulation

Queue Scheduling

Traffic Shaping

QoS Configuration

Mirror Configuration

SNMP Configuration

Syslog Configuration

IPFIX Configuration

Prometheus Exporter

Network Management And Monitoring

BFD Configuration

Monitor Link Configuration

VRRP Configuration

Reliability Configuration

Local User Configuration

AAA Configuration

License Configuration

User Access And Authentication

IPSec Configuration

DNS Configuration

WireGuard Configuration

Geosite/Geoip Configuration

Ucentral-client

Command Line Reference