Displaying Black List; Typical Example For Configuring Black List - H3C SecPath F1800-A Operation Manual

Operation Manual - Security Defence
H3C SecPath F1800-A Firewall

2.6.3 Displaying Black List

You can use the display command in any view to view the running state and verify the
configuration of blacklist.
Table 2-51 Displaying black list
View entry information or running
state of the current black list.

2.6.4 Typical Example for Configuring Black List

I. Networking Requirement
The server and the client are located in the trust zone and the untrust zone
respectively. It is required to filter all ICMP packets sent from the client within 100
minutes.
II. Networking Diagram
202.169.168.1
PC
Figure 2-6 Networking diagram of blacklist filter
III. Configuration Procedure
# Insert the IP address of the client into the black list.
[SecPath] firewall blacklist item 202.169.168.10 timeout 100
# Set the type of filtering as ICMP and the range of filtering as the global.
[SecPath] firewall blacklist filter-type icmp
# Enable the black list.
[SecPath] firewall blacklist enable
Within the aging period 100 minutes, all the ICMP packets sent from the client will be
filtered by the firewall. 100 minutes later, the ICMP packets sent from the client can
pass the firewall.
Action
6-59
Command
display firewall blacklist { enable | item
[ source-address ] | filter-type }
SecPath
Chapter 2 Security Policy
192.168.10.1
Server