HP VPN Firewall Appliances Attack Protection Command Reference

URPF commands
ip urpf
Use ip urpf to enable URPF check for a security zone to prevent source address spoofing attacks.
Use undo ip urpf to disable URPF check.
Syntax
ip urpf { loose | strict } [ allow-default-route ] [ acl acl-number ]
undo ip urpf
Default
URPF check is disabled.
Views
Security zone view
Default command level
2: System level
Parameters
loose: Enables loose URPF check. For a packet to pass loose URPF check, the source address of a packet
must match the destination address of a FIB entry.
strict: Enables strict URPF check. For a packet to pass strict URPF check, the source address and receiving
interface of a packet must match the destination address and output interface of a FIB entry.
allow-default-route: Allows using the default route for URPF check.
acl acl-number: ACL number in the range of 2000 to 3999.
For a basic ACL, the value range is 2000 to 2999.
For an advanced ACL, the value range is 3000 to 3999.
Examples
# Enable strict URPF check for security zone Untrust.
<Sysname> system-view
[Sysname] zone name untrust
[Sysname-zone-untrust] ip urpf strict
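
The following Python model is an added illustration, not code from the device or from HP, of how the loose and strict checks described under Parameters evaluate a packet against the FIB. The FIB entries, interface names and addresses are constructed, the model assumes that a source matching only the default route fails unless allow-default-route is set, and the acl option is not modelled.

```python
import ipaddress

# Constructed FIB: (destination prefix, output interface). Not from the page.
FIB = [
    ("0.0.0.0/0", "GE0/1"),      # default route via the untrusted uplink
    ("10.1.0.0/16", "GE0/2"),    # internal network
    ("192.0.2.0/24", "GE0/3"),   # partner network
]

def lookup(src, fib=FIB):
    """Longest-prefix match of the packet's source address against the FIB."""
    addr = ipaddress.ip_address(src)
    best = None
    for prefix, ifname in fib:
        net = ipaddress.ip_network(prefix)
        if addr in net and (best is None or net.prefixlen > best[0].prefixlen):
            best = (net, ifname)
    return best

def urpf_check(src, in_if, mode, allow_default_route=False, fib=FIB):
    """Return True if the packet passes the modelled URPF check."""
    match = lookup(src, fib)
    if match is None:
        return False                       # no FIB entry covers the source
    net, out_if = match
    if net.prefixlen == 0 and not allow_default_route:
        return False                       # assumption: default route ignored unless allowed
    if mode == "loose":
        return True                        # any matching FIB entry is enough
    if mode == "strict":
        return in_if == out_if             # receiving interface must equal output interface
    raise ValueError("mode must be 'loose' or 'strict'")

def demo():
    """Evaluate constructed packets: (source, receiving interface, mode, allow-default-route)."""
    cases = [
        ("10.1.5.9", "GE0/1", "strict", False),     # internal source seen on the uplink
        ("10.1.5.9", "GE0/1", "loose", False),      # same packet under loose check
        ("198.51.100.7", "GE0/1", "loose", False),  # covered only by the default route
        ("198.51.100.7", "GE0/1", "strict", True),  # default route allowed, interface matches
        ("198.51.100.7", "GE0/2", "strict", True),  # default route allowed, wrong interface
    ]
    return [urpf_check(*c) for c in cases]

if __name__ == "__main__":
    print(demo())
```

The first two cases show the practical difference: strict check drops an internal source address arriving on the uplink, while loose check passes it because a FIB entry for that source exists.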