Enabling The Blacklist Function; Adding Ip Addresses To The Blacklist Manually - Huawei quidway s7700 Configuration Manual

Quidway S7700 Smart Routing Switch
Configuration Guide - SPU

2.5.2 Enabling the Blacklist Function

To make the entries added to the blacklist manually or dynamically effective, you must enable
the blacklist function first.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall blacklist enable
The blacklist function is enabled.
By default, the blacklist function is disabled.
----End

2.5.3 Adding IP Addresses to the Blacklist Manually

After an IP address is added to the blacklist, the firewall denies the packets from this IP address
until this entry ages out.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall blacklist ip-address [ vpn-instance vpn-instance-name ] [ expire-time
minutes ]
An entry is added to the blacklist.
When adding an entry to the blacklist, you can set the IP address, aging time, and VPN
instance. The aging time refers to the period in which the IP address is effective after it is added
to the blacklist. When the IP address expires, it is released from the blacklist. If the aging time
is not specified, the IP address is always valid in the blacklist.
An IP address can be added to the blacklist regardless of whether the blacklist is enabled or not.
That is, even though the blacklist is not enabled, you can add entries, but the entries are invalid.
You can add up to 4096 entries to a blacklist.
----End
Issue 01 (2011-07-15)
NOTE
The blacklist entries without the aging time are written to the configuration file. The entries configured
with aging time are not written to the configuration file, but you can view them by using the display firewall
blacklist command.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
40