3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
154 CHAPTER 10: ATTACK PREVENTION AND PACKET STATISTICS
By default, the UDP Flood attack prevention function is disabled. max-rate
indicates the maximum connection rate of UDP packets, in the range of 1 to
1,000,000. The default value is 1,000.
n
When configuring UDP Flood attack prevention, the IP-based priority is higher
than the zone-based priority. If the function of UDP Flood attack prevention is
enabled both specific to a particular IP address and to all the IP addresses in the
zone to which the IP address belongs, the IP-based detection parameters are
preferred. If the IP-based configuration is disabled, the zone-based parameters will
be applied.
The UDP Flood attack prevention function can protect up to 1000 IP addresses at
the same time.
c
CAUTION: Following three points are necessary to enable the UDP Flood attack
prevention function.
■ Enable the inbound IP statistics function in the protected zone (or the zone
where the protected IP locates);
■ Enable the UDP Flood attack prevention function;
■ Configure the specific UDP Flood attack prevention function.
Enabling/Disabling the
ICMP Redirect Packet
Control Function
Perform the following configuration in system view.
By default, the ICMP redirect packet control function is disabled.
Enabling/Disabling the
ICMP Unreachable
Packet Control Function
Perform the following configuration in system view.
Disable the UDP Flood attack prevention
function for all IP addresses
undo firewall defend udp-flood ip
Disable the UDP Flood attack prevention
function for all the IP addresses in a zone
undo firewall defend udp-flood zone
zone-name
Disable the UDP Flood attack prevention
function for the IP addresses in all zones
undo firewall defend udp-flood zone
Disable all the UDP Flood attack prevention
functions
undo firewall defend udp-flood
Table 164 Configuring the UDP Flood attack prevention function
Operation Command
Tabl e 165 Enable/disable the ICMP redirect packet control function
Operation Command
Enable the ICMP redirect packet control
function
firewall defend icmp-redirect
Disable the ICMP redirect packet control
function
undo firewall defend icmp-redirect
Tabl e 166 Enable/disable the ICMP unreachable packet control function
Operation Command
Enable the ICMP unreachable packet control
function
firewall defend icmp-unreachable