3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
152 CHAPTER 10: ATTACK PREVENTION AND PACKET STATISTICS
By default, TCP proxy is not enabled on any host or security zone.
n
Although you can also enable TCP proxy when configuring SYN flood attack
prevention, the configuration with this command takes preference over that. That
is, TCP proxy will be enabled for protecting the target host or security zone no
matter if SYN flood attacks occur.
Enabling/Disabling the
ICMP Flood Attack
Prevention Function
The ICMP Flood attack prevention function can be configured to the specific
security zone or the specific IP address. Only when the ICMP Flood attack
prevention function is enabled and the inbound IP statistics function of the
protected zone (or the zone to which the protected IP belongs) is enabled, can the
ICMP Flood attack prevention function be enabled.
Enabling/disabling ICMP flood attack prevention function
Perform the following configuration in system view.
By default, the ICMP Flood attack prevention function is disabled.
Configuring the specified ICMP flood attack prevention function
Perform the following configuration in system view.
Tabl e 160 Enable/disable TCP proxy
Operation Command
Enable TCP proxy on a specified host or
security zone
firewall tcp-proxy { ip ip-address | zone
zone-name }
Disable TCP proxy on a specified host or
security zone
undo firewall tcp-proxy { ip ip-address |
zone zone-name }
Tabl e 161 Enable/disable the ICMP Flood attack prevention function
Operation Command
Enable the ICMP Flood attack prevention
function
firewall defend icmp-flood enable
Disable the ICMP Flood attack prevention
function
undo firewall defend icmp-flood enable
Tabl e 162 Configuring the ICMP Flood attack prevention function
Operation Command
Enable the ICMP Flood attack prevention
function for IP addresses
firewall defend icmp-flood ip ip-address [
max-rate rate-number ]
Enable the ICMP Flood attack prevention
function for all the IP addresses in a zone
firewall defend icmp-flood zone
zone-name [ max-rate rate-number ]
Disable the ICMP Flood attack prevention
function for some IP addresses
undo firewall defend icmp-flood ip
ip-address
Disable the ICMP Flood attack prevention
function for all IP addresses
undo firewall defend icmp-flood ip
Disable the ICMP Flood attack prevention
function for all the IP addresses in a zone
undo firewall defend icmp-flood zone
zone-name
Disable the ICMP Flood attack prevention
function for the IP addresses in all zones
undo firewall defend icmp-flood zone
Disable all the ICMP Flood attack prevention
functions
undo firewall defend icmp-flood