Example For Configuring The Blacklist - Huawei AR1200-S Configuration Manual

Huawei AR1200-S Series Enterprise Routers
Configuration Guide - Security
#
acl number 3102
 rule 5 permit tcp source 202.39.2.3 0 destination 129.38.1.2 0
 rule 10 permit tcp source 202.39.2.3 0 destination 129.38.1.3 0
 rule 15 permit tcp source 202.39.2.3 0 destination 129.38.1.4 0
 rule 20 deny ip
#
port-mapping ftp port 2121 acl 2102
#
interface Vlanif100
 ip address 129.38.1.1 255.255.255.0
 zone trust
#
firewall zone trust
 priority 15
#
firewall zone untrust
 priority 1
#
firewall interzone trust untrust
 firewall enable
 packet-filter 3102 inbound
 detect aspf ftp
#
interface Ethernet0/0/0
 port link-type access
 port default vlan 100
#
interface GigabitEthernet0/0/1
 ip address 202.39.2.1 255.255.255.0
 zone untrust
#
return

3.14.3 Example for Configuring the Blacklist

This example shows the blacklist configuration on a network. By using a blacklist, the Router
can block attacks initiated from specific IP addresses.
Networking Requirements
As shown in Figure 3-4, Ethernet0/0/0 of the Router is connected to a highly secure internal
network, and GE0/0/1 is connected to the insecure external network.
The Router needs to apply IP address sweeping defense and blacklist policies to the packets
sent from the Internet to the enterprise intranet. If the Router detects that an IP address attacks
the enterprise intranet by using IP address sweeping, it adds the IP address to the blacklist. The
maximum session rate is 5000 pps, and the blacklist timeout is 30 minutes.
If an IP address, for example, 202.39.1.2, attempts to attack the enterprise intranet multiple times,
you can add the IP address to the blacklist manually. An IP address added manually always
remains in the blacklist.
Issue 02 (2012-03-30)
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
3 Firewall Configuration
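The blacklist behaviour in the networking requirements above (dynamic entries that age out after 30 minutes, manual entries that never do), modelled in Python as an added example; it is not Huawei's implementation and not part of the original manual. Assumptions: the sweep rate is measured as distinct destination addresses per source over a sliding one-second window, and the class and method names are hypothetical.

```python
from collections import Counter, defaultdict, deque

MAX_RATE = 5000                # page: maximum session rate of 5000 pps
BLACKLIST_TIMEOUT_S = 30 * 60  # page: blacklist timeout of 30 minutes

class Blacklist:
    def __init__(self):
        self.entries = {}      # ip -> expiry time in seconds; None marks a manual entry

    def add_manual(self, ip):
        self.entries[ip] = None                    # manual entries never age out

    def add_dynamic(self, ip, now):
        if self.entries.get(ip, 0) is not None:    # never downgrade a manual entry
            self.entries[ip] = now + BLACKLIST_TIMEOUT_S

    def blocks(self, ip, now):
        expiry = self.entries.get(ip, 0)           # 0 = not listed (now is assumed >= 0)
        if expiry is None or now < expiry:
            return True
        self.entries.pop(ip, None)                 # dynamic entry has aged out
        return False

class SweepDefense:
    def __init__(self, blacklist, max_rate=MAX_RATE):
        self.blacklist, self.max_rate = blacklist, max_rate
        self.window = defaultdict(deque)     # src -> (time, dst) seen in the last second
        self.dsts = defaultdict(Counter)     # src -> packets per destination in that window

    def packet(self, src, dst, now):
        """Return True if the packet is forwarded, False if it is dropped."""
        if self.blacklist.blocks(src, now):
            return False
        win, dsts = self.window[src], self.dsts[src]
        win.append((now, dst))
        dsts[dst] += 1
        while win[0][0] <= now - 1.0:        # slide the one-second window forward
            _, old = win.popleft()
            dsts[old] -= 1
            if not dsts[old]:
                del dsts[old]
        if len(dsts) > self.max_rate:        # assumed sweep test: destinations per second
            self.blacklist.add_dynamic(src, now)
            del self.window[src], self.dsts[src]
            return False
        return True
```
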
