We have 2 x S5500-28C-EI (v5.20, R2202), IRFed as one switch.
Our ACL task is that only 150.21/22 can access 192.168.10.49 on TCP 1433, and the 150 range cannot access other 192.168.10.0/24 resources. The current config is as follows. After applying this config, we can still access 192.168.10.0/24 from 192.168.150.0/24. What's wrong with the config regarding the ACL?
Also, I checked the manual: there is a "packet-filter" command to apply an ACL under an interface (it looks like the right command for applying an ACL), but I cannot see this "packet-filter" at system-view level under the interface. Do I need to upgrade the IOS (firmware)?
Any advice is much appreciated. Thanks.
--------------------------------------------------
acl number 3050
 rule 0 permit tcp source 192.168.150.21 0 destination 192.168.10.49 0 destination-port eq 1433
 rule 5 permit tcp source 192.168.150.22 0 destination 192.168.10.49 0 destination-port eq 1433
 rule 15 permit tcp source 192.168.150.0 0.0.0.255 source-port eq 3389
 rule 20 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
 rule 25 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
 rule 100 permit ip
traffic classifier FirewallV150 operator and
 if-match acl 3050
traffic behavior hehavior_FirewallV150
 filter permit
qos policy policy_FirewallV150
 classifier FirewallV150 behavior hehavior_FirewallV150
interface GigabitEthernet1/0/21
 port access vlan 150
 qos apply policy policy_FirewallV150 inbound
----------------------------------------------------------------------------------------
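
An offline check of the rule logic in ACL 3050, added here as an example and not part of the original post: it parses the posted rule lines and evaluates constructed test flows, assuming plain first-match permit/deny in ascending rule-ID order (how the QoS policy on the switch actually treats the rules is not modelled). The function names and test addresses are made up for the example.

```python
import ipaddress

# ACL 3050 rule lines as posted. Assumption: evaluated as plain first-match
# permit/deny in ascending rule-ID order; the QoS policy itself is not modelled.
ACL_3050 = """\
rule 0 permit tcp source 192.168.150.21 0 destination 192.168.10.49 0 destination-port eq 1433
rule 5 permit tcp source 192.168.150.22 0 destination 192.168.10.49 0 destination-port eq 1433
rule 15 permit tcp source 192.168.150.0 0.0.0.255 source-port eq 3389
rule 20 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.10.0 0.0.0.255
rule 25 deny ip source 192.168.150.0 0.0.0.255 destination 192.168.100.0 0.0.0.255
rule 100 permit ip
"""

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def parse_rule(line):
    """Parse one 'rule <id> <action> <proto> ...' line (only syntax used in the post)."""
    tok = line.split()
    rule = {"id": int(tok[1]), "action": tok[2], "proto": tok[3]}
    for i in range(4, len(tok), 3):
        if tok[i] in ("source", "destination"):
            # A wildcard of "0" means an exact host match.
            wild = 0 if tok[i + 2] == "0" else to_int(tok[i + 2])
            rule[tok[i]] = (to_int(tok[i + 1]), wild)
        elif tok[i] in ("source-port", "destination-port") and tok[i + 1] == "eq":
            rule[tok[i]] = int(tok[i + 2])
        else:
            raise ValueError(f"unsupported syntax in: {line!r}")
    return rule

def addr_ok(rule, key, addr):
    """True if the rule has no such address field or the address matches it."""
    if key not in rule:
        return True
    base, wild = rule[key]
    return ((to_int(addr) ^ base) & ~wild & 0xFFFFFFFF) == 0

def evaluate(rules, proto, src, sport, dst, dport):
    """Return (action, rule_id) of the first matching rule, or ("no-match", None)."""
    for r in sorted(rules, key=lambda r: r["id"]):
        if (r["proto"] in ("ip", proto)
                and addr_ok(r, "source", src) and addr_ok(r, "destination", dst)
                and r.get("source-port", sport) == sport
                and r.get("destination-port", dport) == dport):
            return r["action"], r["id"]
    return "no-match", None

RULES = [parse_rule(line) for line in ACL_3050.splitlines() if line.strip()]

if __name__ == "__main__":
    # Constructed test flow: a non-whitelisted host in VLAN 150 trying SQL Server.
    print(evaluate(RULES, "tcp", "192.168.150.30", 50000, "192.168.10.49", 1433))
```

Under that assumption, rule 15 matches TCP traffic with source port 3389 from 192.168.150.0/24 to any destination before rules 20 and 25 are reached.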