Zte ZXR10 8900 Series User Manual page 118

ZXR10 8900 Series User Manual (FW Volume)
108 Confidential and Proprietary Information of ZTE CORPORATION
1. Adding protected object (host, subnet, range or address
group).
Command
ZXR10_FW.ips #dos rule add
protect_name <string> icmpflood
<number1> ipsweep <number2>
synflood <number3> udpflood
<number4> portscan <number5>[log
<yes|no>][action <pass|block>]
Parameter Description:
Parameter
add
protect_name
<string>
icmpflood
<number1>
ipsweep
<number2>
synflood
<number3>
udpflood
<number4>
Function
This adds the host or
subnet to be protected
from intrusion.
Description
This adds one host or subnet to be
protected.
This sets address resource to be protected,
which can be host, subnet or address
range. This address resource shall be
added in command define in advance.
This is one string, indicating the name of
address resource.
This sets the max reply requests initiated
to protected object per second.
This is one number, indicating max
connection requests, 500 by default,
ranging from 1 to 65535.
This sets the max ICMP packets sent
from the same one IP to multiple hosts
within the specified interval. When packet
number reaches this threshold, it believes
that addresses are scanned for one time.
This is one number, ranging from 1 to
65535.
This sets the max connection requests
initiated to protected object per second.
This is one number, 500 by default, ranging
from 1 to 65535.
This sets the max UDP packets sent to
protected object per second. When the
packet number reaches this threshold,
UDP flooding attack protection function is
enabled.
This is one number, 1000 by default,
ranging from 1 to 65535.