420
Step Command Remarks
5. Configure the action and
silence thresholds for UDP
flood attack protection for a
specific IP address.
defense udp-flood ip
ip-address
rate-threshold high
rate-number
[
low
rate-number ]
Optional.
Not configured by default.
6. Configure the device to
drop UDP flood attack
packets.
defense udp-flood action
drop-packet
Optional.
By default, the device only outputs
alarm logs if detecting an attack.
Applying an attack protection policy to an interface
To make a configured attack protection policy take effect, you need to apply the policy to a specific
interface.
To apply an attack protection policy to an interface:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enter interface view.
interface
interface-type
interface-number
N/A
3. Apply an attack protection
policy to the interface.
attack-defense apply policy
policy-number
By default, no attack protection
policy is applied to any interface.
The attack protection policy to be
applied to an interface must already
exist.
Configuring the blacklist function
You can configure a device to filter packets from certain IP addresses by configuring the blacklist
function.
The blacklist configuration includes enabling the blacklist function and adding blacklist entries. When
adding a blacklist entry, you can also configure the entry aging time. If you do not configure the aging
time, the entry never ages out, and always exist until you delete it manually.
To configure the blacklist function:
Step Command Remarks
1. Enter system view.
system-view
N/A
2. Enable the blacklist function.
blacklist enable
Disabled by default.
3. Add a blacklist entry.
blacklist ip
source-ip-address
[
timeout
minutes ]
Optional.
The scanning attack protection
function can add blacklist entries
automatically.
You can add blacklist entries manually, or configure the device to automatically add the IP addresses
of detected scanning attackers to the blacklist. For the latter purpose, enable the blacklist function for
the device, the scanning attack protection function, and the blacklist function for scanning attack
protection. The blacklist entries added by the scanning attack protection function will be aged after
To Next Page
Loading...
