F3726, F3211, F3174, R5135, R3816-HP Firewalls and UTM Devices Attack Protection Command Reference-6PW100
Parameters
source-ip-address: IP address to be added to the blacklist, used to match the source IP address of packets.
This IP address cannot be a broadcast address, 127.0.0.0/8, a class D address, or a class E address.
all: Specifies all blacklist entries.
timeout minutes: Specifies the aging time for the blacklist entry. The minutes argument is the aging
time in minutes, in the range of 1 to 1000. If you do not specify an aging time, the blacklist entry
never ages out and remains in the blacklist until you delete it manually.
Usage guidelines
You can use the undo blacklist ip source-ip-address timeout command to cancel the aging time specified
for a manually added blacklist entry. After that, the blacklist entry never ages out.
Blacklist entries take effect only when the blacklist function is enabled.
You can modify the aging time of an existing blacklist entry. The modification takes effect
immediately.
Examples
# Add IP address 192.168.1.2 to the blacklist, and configure its aging time as 20 minutes.
<Sysname> system-view
[Sysname] blacklist ip 192.168.1.2 timeout 20
Related commands
• blacklist enable
• display blacklist
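The following script is an added example, not part of the HP manual: it checks candidate blacklist entries against the address and timeout limits listed under Parameters before any blacklist ip line is generated for the device. The function names, the local_nets argument (networks whose directed broadcast addresses should be refused) and the IPv4-only handling are assumptions of this example.

```python
import ipaddress

TIMEOUT_RANGE = range(1, 1001)                  # minutes, per the timeout parameter
LOOPBACK = ipaddress.ip_network("127.0.0.0/8")
CLASS_D = ipaddress.ip_network("224.0.0.0/4")
CLASS_E = ipaddress.ip_network("240.0.0.0/4")   # range also contains 255.255.255.255

def reject_reason(addr, timeout=None, local_nets=()):
    """Return None when the entry satisfies the documented limits, else the reason."""
    try:
        ip = ipaddress.IPv4Address(addr)
    except ipaddress.AddressValueError:
        return "not an IPv4 address"
    if ip in LOOPBACK:
        return "127.0.0.0/8"
    if ip in CLASS_D:
        return "class D address"
    if ip == ipaddress.IPv4Address("255.255.255.255"):
        return "broadcast address"
    if ip in CLASS_E:
        return "class E address"
    # Assumption: directed broadcasts are only detectable for networks the caller lists.
    if any(ip == ipaddress.ip_network(n).broadcast_address for n in local_nets):
        return "broadcast address"
    if timeout is not None and (type(timeout) is not int or timeout not in TIMEOUT_RANGE):
        return "timeout outside 1-1000 minutes"
    return None

def build_commands(entries, local_nets=()):
    """Turn (address, timeout-or-None) pairs into CLI lines plus a reject list."""
    accepted, rejected = {}, []
    for addr, timeout in entries:
        reason = reject_reason(addr, timeout, local_nets)
        if reason:
            rejected.append((addr, reason))
        else:
            # A repeated address keeps the last timeout, as re-issuing the command would.
            accepted[str(ipaddress.IPv4Address(addr))] = timeout
    lines = [f"blacklist ip {ip}" + (f" timeout {t}" if t is not None else "")
             for ip, t in accepted.items()]
    return lines, rejected

# Constructed sample feed; only 192.168.1.2 with timeout 20 comes from the manual.
SAMPLE = [("192.168.1.2", 20), ("127.0.0.1", 5), ("224.0.0.5", 10),
          ("10.0.0.255", 30), ("198.51.100.7", None), ("198.51.100.7", 1500),
          ("192.168.1.2", 60)]
```

Calling build_commands(SAMPLE, local_nets=["10.0.0.0/24"]) returns the command lines to enter in system view and a list of skipped addresses with the reason for each.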
defense dns-flood enable
Use defense dns-flood enable to enable DNS flood attack protection.
Use undo defense dns-flood enable to restore the default.
Syntax
defense dns-flood enable
undo defense dns-flood enable
Default
DNS flood attack protection is disabled.
Views
Attack protection policy view
Default command level
2: System view
Examples
# Enable DNS flood attack protection in attack protection policy 1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense dns-flood enable