3Com Switch 8800 Family Firewall Module Configuration and Command Reference Guide
Configuring Attack Prevention 153
By default, the ICMP Flood attack prevention function is disabled. The max-rate
keyword indicates the maximum connection rate of ICMP packets, in the range of
1 to 1,000,000. The default value is 1,000.
When configuring ICMP Flood attack prevention, the IP-based priority is higher
than the zone-based priority. If the function of ICMP Flood attack prevention is
enabled both specific to a particular IP address and to all the IP addresses in the
zone to which the IP address belongs, the IP-based detection parameters are
preferred. If the IP-based configuration is disabled, the zone-based parameters will
be applied.
The ICMP Flood attack prevention function can protect up to 1000 IP addresses at
the same time.
CAUTION: The following three points are all necessary to enable the ICMP Flood
attack prevention function:
■ Enable the inbound IP statistics function in the protected zone (or the zone
in which the protected IP address is located);
■ Enable the ICMP Flood attack prevention function;
■ Configure the specific ICMP Flood attack prevention function.
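The precedence rule and the three prerequisites above can be checked offline with a small model. The following Python is an added example, not 3Com code or device syntax; the class and method names are hypothetical, and counting the 1000-address limit against IP-based entries only is an assumption.

```python
from dataclasses import dataclass, field
from typing import Dict, Optional

RATE_MIN, RATE_MAX, RATE_DEFAULT = 1, 1_000_000, 1_000  # values from the text
MAX_PROTECTED_IPS = 1000                                 # limit from the text


@dataclass
class IcmpFloodPolicy:
    """Hypothetical in-memory model of the ICMP Flood settings described above."""
    function_enabled: bool = False                  # disabled by default
    inbound_stats_zones: set = field(default_factory=set)
    ip_rules: Dict[str, int] = field(default_factory=dict)    # ip -> max-rate
    zone_rules: Dict[str, int] = field(default_factory=dict)  # zone -> max-rate

    def protect_ip(self, ip: str, max_rate: int = RATE_DEFAULT) -> None:
        _check_rate(max_rate)
        # Assumption: the 1000-address limit counts IP-based entries.
        if ip not in self.ip_rules and len(self.ip_rules) >= MAX_PROTECTED_IPS:
            raise ValueError("at most 1000 IP addresses can be protected")
        self.ip_rules[ip] = max_rate

    def protect_zone(self, zone: str, max_rate: int = RATE_DEFAULT) -> None:
        _check_rate(max_rate)
        self.zone_rules[zone] = max_rate

    def effective_max_rate(self, ip: str, zone: str) -> Optional[int]:
        """Return the max-rate applied to ip in zone, or None if unprotected."""
        # Prerequisites 1 and 2: inbound IP statistics in the zone, global enable.
        if not self.function_enabled or zone not in self.inbound_stats_zones:
            return None
        # Prerequisite 3 and precedence: IP-based rule first, then zone-based.
        if ip in self.ip_rules:
            return self.ip_rules[ip]
        return self.zone_rules.get(zone)


def _check_rate(rate: int) -> None:
    if not RATE_MIN <= rate <= RATE_MAX:
        raise ValueError(f"max-rate must be in {RATE_MIN}..{RATE_MAX}")


if __name__ == "__main__":
    policy = IcmpFloodPolicy(function_enabled=True, inbound_stats_zones={"trust"})
    policy.protect_zone("trust", 2000)     # constructed sample values
    policy.protect_ip("10.1.1.10", 500)
    for host in ("10.1.1.10", "10.1.1.11"):
        print(host, policy.effective_max_rate(host, "trust"))
```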
Enabling/Disabling the UDP Flood Attack Prevention Function
The UDP Flood attack prevention function can be configured for a specific
security zone or a specific IP address. UDP Flood attack prevention works only
when both the UDP Flood attack prevention function and the inbound IP statistics
function of the protected zone (or the zone to which the protected IP address
belongs) are enabled.
Enabling/disabling UDP Flood attack prevention function
Perform the following configuration in system view.

Table 163 Enable/disable the UDP Flood attack prevention function

Operation                                         Command
Enable the UDP Flood attack prevention function   firewall defend udp-flood enable
Disable the UDP Flood attack prevention function  undo firewall defend udp-flood enable

By default, the UDP Flood attack prevention function is disabled.

Configuring the specified UDP Flood attack prevention function
Perform the following configuration in system view.

Table 164 Configuring the UDP Flood attack prevention function

Operation                                         Command
Enable the UDP Flood attack prevention function   firewall defend udp-flood ip ip-address [ max-rate rate-number ]
for IP addresses
Enable the UDP Flood attack prevention function   firewall defend udp-flood zone zone-name [ max-rate rate-number ]
for all the IP addresses in a zone
Disable the UDP Flood attack prevention function  undo firewall defend udp-flood ip ip-address
for some IP addresses