3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide

Black List
be aging. Otherwise, the blacklist entry will be removed automatically after the
aging time, and packets from the corresponding IP address will no longer be
filtered.
2 Dynamic creation by some modules of the firewall
Some modules of the firewall can dynamically insert an entry into the black list. For
instance, when the attack prevention module detects an attack from a specific IP
address, it automatically inserts that IP address into the black list.
Any packet from that IP address is then denied for a specific period.
If the same IP address is inserted into the black list more than once, the entry
with the longer aging period is kept.
So far, the attack prevention module of the firewall can insert entries into the black list.
For the related configuration, refer to “Attack Prevention and Packet Statistics”.
In addition, if a Telnet client enters a wrong password three times in a row
when logging on to the firewall, the system automatically adds its IP address to
the blacklist and sets a ten-minute aging time for it. In other words, once the
blacklist on the firewall is enabled, the client cannot log on to the firewall from that
IP address for ten minutes.
Removing black list entry
Use the following command to remove black list entries.
undo firewall blacklist [ sour-addr ]
With the sour-addr parameter, only the entry for that IP address is removed. Without
the parameter, all entries in the current black list are removed.
The creation and deletion of black list entries is independent of the black list’s
running status, that is, black list entries can be created and removed no matter
whether the black list is enabled or not.
Enabling black list
The firewall filters IP packets based on the black list only when the black list is
enabled. Otherwise, a packet is not discarded even though its IP address is in the
black list.
Use the firewall blacklist enable command to enable the black list.
Use the undo firewall blacklist enable command to disable the black list.
By default, the black list is disabled.
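
The behaviour described in this section, as an added Python model (not 3Com code and not part of the original guide): entries exist independently of the enable switch, a duplicate insert keeps the longer-lived entry, and three Telnet failures create a ten-minute entry. The class and method names, the 192.0.2.x addresses and the use of seconds for time are assumptions made for illustration.

```python
import ipaddress

TELNET_MAX_FAILURES = 3          # page: three wrong passwords in a row
TELNET_AGING_SECONDS = 10 * 60   # page: ten-minute aging time

class BlackList:                 # hypothetical model, not firewall code
    def __init__(self):
        self.enabled = False     # page: the black list is disabled by default
        self._expiry = {}        # source IP -> time at which the entry ages out
        self._failures = {}      # source IP -> consecutive Telnet failures

    def add(self, ip, now, aging):
        """Insert an entry; a duplicate keeps the longer-lived one
        (assumption: 'longer' is compared by expiry time)."""
        ip = ipaddress.ip_address(ip)
        expiry = now + aging
        self._expiry[ip] = max(expiry, self._expiry.get(ip, expiry))

    def remove(self, ip=None):
        """Model of 'undo firewall blacklist [ sour-addr ]'."""
        if ip is None:
            self._expiry.clear()                 # no parameter: remove all
        else:
            self._expiry.pop(ipaddress.ip_address(ip), None)

    def telnet_login_failed(self, ip, now):
        """Third consecutive failure inserts a ten-minute entry."""
        ip = ipaddress.ip_address(ip)
        self._failures[ip] = self._failures.get(ip, 0) + 1
        if self._failures[ip] >= TELNET_MAX_FAILURES:
            self._failures[ip] = 0
            self.add(ip, now, TELNET_AGING_SECONDS)

    def has_entry(self, ip, now):
        """True while an entry exists and has not aged out."""
        ip = ipaddress.ip_address(ip)
        if ip in self._expiry and now >= self._expiry[ip]:
            del self._expiry[ip]                 # aging time reached
        return ip in self._expiry

    def denies(self, ip, now):
        """Packets are dropped only when the list is enabled and an entry is live."""
        return self.enabled and self.has_entry(ip, now)

def lockout_demo():
    """Constructed scenario: 192.0.2.10 fails Telnet login three times at t=0."""
    bl = BlackList()
    for _ in range(TELNET_MAX_FAILURES):
        bl.telnet_login_failed("192.0.2.10", now=0)
    before = bl.denies("192.0.2.10", now=1)      # list still disabled
    bl.enabled = True
    return before, bl.denies("192.0.2.10", now=1), bl.denies("192.0.2.10", now=600)
```

For an operator, the first result of lockout_demo() is the point to check: with the black list left at its default (disabled), the Telnet lockout entry is created but filters nothing.
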
Configuring Black List
Black list configuration includes:
Configure/remove black list entry
Configure the filtering type and range of the black list
Enable or disable black list