Table of Contents
Advertisement
S9700 Core Routing Switch
Configuration Guide - SPU
2.5.2 Enabling the Blacklist Function
To make the entries added to the blacklist manually or dynamically effective, you must first
enable the blacklist function.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall blacklist enable
The blacklist function is enabled.
By default, the blacklist function is disabled.
----End
2.5.3 Adding IP Addresses to the Blacklist Manually
After an IP address is added to the blacklist, the firewall denies the packets from this IP address
until this entry expires.
Procedure
Step 1 Run:
system-view
The system view is displayed.
Step 2 Run:
firewall blacklist ip-address [ vpn-instance vpn-instance-name ] [ expire-time
minutes ]
An entry is added to the blacklist.
When adding an entry to the blacklist, you can set the IP address, aging time, and VPN
instance. The aging time refers to the period in which the IP address is effective after it is added
to the blacklist. When the IP address expires, it is released from the blacklist. If the aging time
is not specified, the IP address is always valid in the blacklist.
An IP address can be added to the blacklist regardless of whether the blacklist is enabled or not.
That is, even though the blacklist is not enabled, you can add entries, but the entries do not take
effect until the blacklist is enabled.
You can add up to 4096 entries to a blacklist.
----End
Issue 01 (2012-03-15)
NOTE
The blacklist entries without the aging time are added to the configuration file. The entries configured with
the aging time are not added to the configuration file, but you can view them by using the display firewall
blacklist command.
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
2 Firewall Configuration
40
Advertisement
Table of Contents
