Icmpv6-Flood Action; Icmpv6-Flood Detect Ipv6 - H3C MSR Series Command Reference Manual

Comware 7 security

Hide thumbs Also See for MSR Series:

Table of Contents

[Sysname-attack-defense-policy-atk-policy-1] icmp-flood threshold 100

Related commands

icmp-flood action

icmp-flood detect ip

icmp-flood detect non-specific

icmpv6-flood action

Use icmpv6-flood action to specify global actions against ICMPv6 flood attacks.

Use undo icmpv6-flood action to restore the default.

icmpv6-flood action { drop | logging } *

undo icmpv6-flood action

No global action is specified for ICMPv6 flood attacks.

Attack defense policy view

Predefined user roles

network-admin

drop: Drops subsequent ICMPv6 packets destined for the victim IP addresses.

logging: Enables logging for ICMPv6 flood attack events.

# Specify drop as the global action against ICMPv6 flood attacks in the attack defense policy

atk-policy-1.

<Sysname> system-view

[Sysname] attack-defense policy atk-policy-1

[Sysname-attack-defense-policy-atk-policy-1] icmpv6-flood action drop

Related commands

icmpv6-flood detect non-specific

icmpv6-flood threshold

icmpv6-flood detect ipv6

Use icmpv6-flood detect ipv6 to configure IPv6 address-specific ICMPv6 flood attack detection.

Use undo icmpv6-flood detect ipv6 to remove the IPv6 address-specific ICMPv6 flood attack

detection configuration.

icmpv6-flood detect ipv6 ipv6-address [ vpn-instance vpn-instance-name ] [ threshold

threshold-value ] [ action { { drop | logging } * | none } ]

undo icmpv6-flood detect ipv6 ipv6-address [ vpn-instance vpn-instance-name ]