Binding the filter to an interface, Clearing dos attack statistics, Table 14 – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Brocade Virtual ADX Security Guide

53-1003250-01

DDoS protection

Virtual ADX(config)#security filter filter5

Virtual ADX(config-sec-filter5)#rule ipv6-ext-header-type esp drop

Syntax: [no] rule ipv6-ext-header-type ipv6-ext-header-type [log | no-log] [drop | no-drop]

The ipv6-ext-header-type variable is specified as one of the options described in Table 14.

The log parameter directs the Brocade Virtual ADX to drop traffic on the bound interface that
matches the rule specified by the configured ipv6-ext-header-type. The no-log parameter disables
this function.

The drop parameter directs the Brocade Virtual ADX to drop traffic on the bound interface that
matches the rule specified by the configured ipv6-ext-header-type. The no-drop parameter disables
this function.

Binding the filter to an interface

To implement a filter, it must be bound to an interface. It will then be applied globally to all
interfaces on the Brocade Virtual ADX. To bind a filter to an interface, use the following command:

Virtual ADX(config-if-e1000-1/2)#security apply-filter filter1

Syntax: security apply-filter filter-name

The filter-name variable specifies the filter that you want to apply on the Brocade Virtual ADX. A
maximum of 10 filters can be bound to a single interface.

Clearing DOS attack statistics

Use clear statistics dos-attack to reset counters for ICMP and TCP SYN packet burst thresholds.

Syntax: clear statistics dos-attack

TABLE 14   IPv6 ext header types and descriptions

Attack Type          Description
ah                   Authentication Header Option
cfg-hdr0-num         Configurable extension header code 0
cfg-hdr1-num         Configurable extension header code 1
cfg-hdr2-num         Configurable extension header code 2
cfg-hdr3-num         Configurable extension header code 3
destination-option   Destination Options (with Routing Options)
esp                  Encapsulation Security Payload Header
hop-by-hop           Hop-by-Hop option
mobility-header      Mobility Header option
no-next-header       No Next Header
routing-header       Routing Header option
unknown-header       Unknown headers are those that are not listed in the above
                     header types and TCP/UDP/ICMPv6.
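
The following is an added example, not code from the Brocade guide or from the Virtual ADX: it walks the Next Header chain of a raw IPv6 packet, labels each extension header with its Table 14 keyword, and evaluates a rule set modelled on filter5, which is useful for predicting which test packets a filter should catch. Assumptions: the keyword-to-number mapping uses the IANA Next Header values, a rule matches if its header type appears anywhere in the chain, log is off unless stated, and the cfg-hdrN-num types are left out.

```python
import struct

# Table 14 keywords keyed by IANA Next Header number (this mapping is an
# assumption of the example; the guide lists keywords only).
EXT = {0: "hop-by-hop", 43: "routing-header", 50: "esp", 51: "ah",
       59: "no-next-header", 60: "destination-option", 135: "mobility-header"}
UPPER = {6, 17, 58}  # TCP, UDP, ICMPv6 end the chain

def ext_header_chain(pkt: bytes) -> list:
    """Return the Table 14 keyword of each extension header, in packet order."""
    if len(pkt) < 40 or pkt[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, chain = pkt[6], 40, []
    while nxt not in UPPER:
        name = EXT.get(nxt, "unknown-header")  # anything else, per Table 14
        chain.append(name)
        # ESP encrypts what follows; 59 and unknown types cannot be walked.
        if name in ("esp", "no-next-header", "unknown-header"):
            break
        if off + 2 > len(pkt):
            raise ValueError("truncated extension header")
        # AH length counts 4-byte words minus 2; the rest 8-byte units minus 1.
        size = (pkt[off + 1] + 2) * 4 if name == "ah" else (pkt[off + 1] + 1) * 8
        if off + size > len(pkt):
            raise ValueError("truncated extension header")
        nxt, off = pkt[off], off + size
    return chain

def evaluate(pkt: bytes, rules: dict) -> dict:
    """rules maps keyword -> (log, drop), one entry per 'rule' line in a filter."""
    chain = ext_header_chain(pkt)
    hits = [h for h in chain if h in rules]
    return {"chain": chain,
            "log": any(rules[h][0] for h in hits),
            "drop": any(rules[h][1] for h in hits)}

def build(first_nh: int, payload: bytes) -> bytes:
    """Constructed test packet: fixed IPv6 header with zeroed addresses."""
    return struct.pack("!IHBB", 0x60000000, len(payload), first_nh, 64) + bytes(32) + payload

FILTER5 = {"esp": (False, True)}  # models 'rule ipv6-ext-header-type esp drop'
HBH_DST_ESP = build(0, bytes([60, 0]) + bytes(6) + bytes([50, 0]) + bytes(6) + bytes(16))
AH_TCP = build(51, bytes([6, 4]) + bytes(22) + bytes(20))
PLAIN_TCP = build(6, bytes(20))

if __name__ == "__main__":
    for label, pkt in [("hbh+dst+esp", HBH_DST_ESP), ("ah+tcp", AH_TCP), ("tcp", PLAIN_TCP)]:
        print(label, evaluate(pkt, FILTER5))
```

The ESP header in the first constructed packet sits behind two other extension headers, so a check that reads only the fixed header's Next Header field would miss it.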