Huawei ACL on Sub-interfaces with deny in the ACL

A very strange configuration behaviour :) If you use deny in the ACL, the system DOES NOT LOOK at the traffic behaviour!

 

More info:

The deny and permit parameters in ACL rules have different functions in different services.

  • Traffic policy
    1. When permit is used in the ACL rule, the system executes the specified traffic behavior only when packets match the ACL rule. When the traffic behavior is deny, the system discards packets matching the rule. When the traffic behavior is permit, the system forwards packets matching the rule.
    2. When deny is used in the ACL rule, the system discards the packets matching the ACL rule regardless of the action defined in the traffic behavior (except traffic statistics collection and traffic mirroring).
    3. If an ACL does not contain rules, the traffic policy using the ACL does not take effect.

https://support.huawei.com/enterprise/en/doc/EDOC1000178116/1808ef9a/how-are-deny-and-permit-in-acl-rules-used-in-different-services
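
A small config audit for the rule quoted above, added here as an example (it is not Huawei's code or tooling): it walks a VRP-style configuration and reports, for every ACL rule bound into a traffic policy, what actually happens to matching packets and whether the bound traffic behavior is being ignored. The sample configuration, its names and addresses are constructed; the parser assumes the `acl number <id>` form with one-space indentation, and treats a behavior with no explicit `deny` as permit.

```python
# Constructed sample in Huawei VRP style; all names and addresses are made up.
SAMPLE_CONFIG = """\
acl number 3000
 rule 5 deny ip source 10.1.1.0 0.0.0.255
 rule 10 permit ip source 10.1.2.0 0.0.0.255
acl number 3001
 rule 5 permit ip source 10.1.3.0 0.0.0.255
traffic classifier c1 operator or
 if-match acl 3000
traffic classifier c2 operator or
 if-match acl 3001
traffic behavior b1
 permit
traffic behavior b2
 deny
traffic policy p1
 classifier c1 behavior b1
 classifier c2 behavior b2
"""

def effective_action(rule_action, behavior_action):
    """Page semantics: an ACL deny rule always discards; a permit rule defers to the behavior."""
    if rule_action == "deny":
        return "discard"
    return "discard" if behavior_action == "deny" else "forward"

def audit(config):
    """Return (policy, acl, rule_id, effective_action, behavior_ignored) for each bound rule."""
    acls, classifiers, behaviors, bindings, head = {}, {}, {}, [], []
    for line in filter(str.strip, config.splitlines()):   # skip blank lines
        words = line.split()
        if not line.startswith(" "):                       # unindented line opens a section
            head = words
        elif head[:2] == ["acl", "number"] and words[0] == "rule" and len(words) >= 3:
            acls.setdefault(head[2], []).append((int(words[1]), words[2]))
        elif head[:2] == ["traffic", "classifier"] and words[:2] == ["if-match", "acl"]:
            classifiers.setdefault(head[2], []).append(words[2])
        elif head[:2] == ["traffic", "behavior"] and words[0] in ("permit", "deny"):
            behaviors[head[2]] = words[0]
        elif head[:2] == ["traffic", "policy"] and words[0] == "classifier" and len(words) >= 4:
            bindings.append((head[2], words[1], words[3]))
    rows = []
    for policy, classifier, behavior in bindings:
        action = behaviors.get(behavior, "permit")  # assumption: no explicit deny means permit
        for acl in classifiers.get(classifier, []):
            for rule_id, rule_action in acls.get(acl, []):
                ignored = rule_action == "deny" and action != "deny"  # the surprising case
                rows.append((policy, acl, rule_id, effective_action(rule_action, action), ignored))
    return rows
```

Rows with `behavior_ignored` set to `True` are the ones to review: the policy author bound a permit behavior, but the deny rule in the ACL drops the traffic anyway.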