HP VPN Firewall Appliances Attack Protection Command Reference
4
all: Specifies all blacklist entries.
timeout minutes: Specifies an aging time for the blacklist entry. minutes indicates the aging time in the
range of 1 to 1000, in minutes. If you do not specify the aging time, the blacklist entry never gets aged
and always exists unless you delete it manually.
Usage guidelines
You can use the undo blacklist ip source-ip-address timeout command to cancel the aging time specified
for a manually added blacklist entry. After the configuration, this blacklist entry never gets aged.
All blacklist entries can take effect only when the blacklist function is enabled.
You can modify the aging time of an existing blacklist entry, and the modification takes effect
immediately.
Examples
# Add IP address 192.168.1.2 to the blacklist, and configure its aging time as 20 minutes.
<Sysname> system-view
[Sysname] blacklist ip 192.168.1.2 timeout 20
Related commands
• blacklist enable
• display blacklist
defense dns-flood enable
Use defense dns-flood enable to enable DNS flood attack protection.
Use undo defense dns-flood enable to restore the default.
Syntax
defense dns-flood enable
undo defense dns-flood enable
Default
DNS flood attack protection is disabled.
Views
Attack protection policy view
Default command level
2: System view
Examples
# Enable DNS flood attack protection in attack protection policy 1.
<Sysname> system-view
[Sysname] attack-defense policy 1
[Sysname-attack-defense-policy-1] defense dns-flood enable
Related commands
• defense dns-flood rate-threshold
• defense dns-flood ip