S9700 Core Routing Switch
Configuration Guide - SPU
Procedure
l
----End
Example
Run the display firewall defend { flag | { icmp-flood | syn-flood | udp-flood } [ ip [ ip-
address [ vpn-instance vpn-instance-name ] ] | zone [ zone-name ] ] | other-attack-type }
command to view information about attack defense.
# View the status of each attack defense function.
<Quidway> display firewall defend flag
--------------------------------
Type
--------------------------------
land
smurf
fraggle
winnuke
syn-flood
udp-flood
icmp-flood
icmp-redirect
icmp-unreachable
ip-sweep
port-scan
tracert
ping-of-death
teardrop
tcp-flag
ip-fragment
large-icmp
--------------------------------
# View the configuration of IP address sweep attack defense.
<Quidway> display firewall defend ip-sweep
defend-flag
max-rate
blacklist-expire-time : 20
2.12 Configuring Traffic Statistics and Monitoring
The SPU supports traffic statistics and monitoring at the system level, zone level, and IP address
level.
2.12.1 Establishing the Configuration Task
Before configuring traffic statistics and monitoring, familiarize yourself with the applicable
environment, complete the pre-configuration tasks, and obtain the data required for the
configuration. This will help you complete the configuration task quickly and accurately.
Issue 01 (2012-03-15)
Run the display firewall defend { flag | { icmp-flood | syn-flood | udp-flood } [ ip [ ip-
address [ vpn-instance vpn-instance-name ] ] | zone [ zone-name ] ] | other-attack-type }
command to view information about attack defense.
Flag
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: disable
: 4000
Huawei Proprietary and Confidential
Copyright © Huawei Technologies Co., Ltd.
(pps)
(m)
2 Firewall Configuration
59