Threshold Rules; Manual Blocking & Exclude Lists - D-Link DFL-1600 User Manual

Network security firewall

28.3. Threshold Rules

Managed devices
The managed devices are SNMP compliant, such as D-Link switches.
They store management data in their databases, known as
Management Information Base (MIB), and provide the information
to the manager upon queries.
28.3 Threshold Rules
As explained previously, a threshold rule triggers ZoneDefense to block
a specific host or network if the connection rate limit specified in the
rule is exceeded. Like an IP rule, a threshold rule contains several
fields that specify which type of traffic matches the rule.
In total, a threshold rule is defined by:
Source interface and source network.
Destination interface and destination network.
Service.
Type of threshold: Host and/or network based.
Traffic that matches the criteria above and causes the host or network
threshold to be exceeded triggers the ZoneDefense function, which
prevents the host or network from accessing the switch(es). All blocks made
in response to threshold violations are based on the IP address of
the host or network on the switch(es). When a network-based threshold has
been exceeded, the source network is blocked instead of just the
offending host.
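
The evaluation described above, as an added Python example (not D-Link code and not part of the original manual). The one-second measuring window, the ThresholdRule field names, the connection-record keys and the sample addresses are all assumptions constructed for illustration.

```python
import ipaddress
from collections import defaultdict, deque
from dataclasses import dataclass
from typing import Optional

@dataclass
class ThresholdRule:                      # field names are illustrative, not D-Link's
    src_if: str
    src_net: str
    dst_if: str
    dst_net: str
    service: tuple                        # (protocol, destination port)
    host_limit: Optional[int] = None      # per-host new connections per window
    net_limit: Optional[int] = None       # same, for the whole source network
    window: float = 1.0                   # assumed measuring interval, seconds

    def matches(self, c):
        return (c["src_if"] == self.src_if and c["dst_if"] == self.dst_if
                and ipaddress.ip_address(c["src"]) in ipaddress.ip_network(self.src_net)
                and ipaddress.ip_address(c["dst"]) in ipaddress.ip_network(self.dst_net)
                and (c["proto"], c["dport"]) == self.service)

def evaluate(rule, conns):
    """Return, in order, the hosts/networks the rule would have blocked."""
    per_host, per_net, blocks = defaultdict(deque), deque(), []
    for c in sorted(conns, key=lambda c: c["t"]):
        # Modelling assumption: a blocked source is cut off, so stop counting it.
        if not rule.matches(c) or c["src"] in blocks or rule.src_net in blocks:
            continue
        for q in (per_host[c["src"]], per_net):
            q.append(c["t"])
            while q[0] <= c["t"] - rule.window:   # drop events outside the window
                q.popleft()
        if rule.net_limit is not None and len(per_net) > rule.net_limit:
            blocks.append(rule.src_net)           # network threshold: block the source net
        elif rule.host_limit is not None and len(per_host[c["src"]]) > rule.host_limit:
            blocks.append(c["src"])               # host threshold: block only the offender
    return blocks

def sample(src, n, step=0.1, dport=80):
    """Constructed traffic: n new connections from src, one every `step` seconds."""
    return [{"t": i * step, "src_if": "lan", "dst_if": "dmz", "src": src,
             "dst": "10.0.0.10", "proto": "tcp", "dport": dport} for i in range(n)]

if __name__ == "__main__":
    rule = ThresholdRule("lan", "192.168.1.0/24", "dmz", "10.0.0.0/24", ("tcp", 80),
                         host_limit=5, net_limit=8)
    print(evaluate(rule, sample("192.168.1.50", 6)))      # one noisy host
    spread = [c for h in (51, 52, 53) for c in sample(f"192.168.1.{h}", 3)]
    print(evaluate(rule, spread))                         # many quiet hosts
```

The second case shows why the network-based type exists: no single host exceeds its own limit, yet the aggregate rate from the source network does, so the whole network is blocked.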
28.4 Manual Blocking & Exclude Lists
As a complement to the threshold rules, it is also possible to manually
define hosts and networks that are to be statically blocked or excluded.
Manually blocked hosts and networks can be blocked by default or based on
a schedule. It is also possible to specify which protocols and protocol port
numbers are to be blocked.
Exclude lists can be created and used in order to exclude hosts from being
blocked when a threshold rule limit is reached. Good practice includes
D-Link Firewalls User's Guide