Configuring a security filter, Configuring a generic rule – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual
Brocade Virtual ADX Security Guide, 53-1003250-01, page 86
Chapter 5: DDoS protection
• “Configuring a rule for ip-option attack types”
• “Configuring a rule for icmp-type options”
• “Configuring a rule for IPv6 ICMP types”
• “Configuring a rule for IPv6 ext header types”
• “Binding the filter to an interface”
Configuring a security filter
Configuring a security filter requires you to define it by name and then configure rules within it, as
shown in the following.
Virtual ADX(config)#security filter filter1
Virtual ADX(config-sec-filter1)#rule xmas-tree drop
Syntax: security filter filter-name
The filter-name variable specifies the filter being defined that will then be bound to a port.
The rule command defines the attack method that is being filtered for. For each rule, you can
configure whatever action needs to be taken if an attack occurs. The Brocade Virtual ADX can log
the attack and drop the attacking packet. Rules that can be used are described in
through
Example
Virtual ADX(config)#security filter filter1
Virtual ADX(config-sec-filter1)#rule xmas-tree log
Virtual ADX(config-sec-filter1)#rule address-sweep 1 3 drop log
NOTE
There is no set limit on the number of filters that can be configured on a Brocade Virtual ADX but a
maximum of 10 rules can be bound to a single interface. The global limit depends upon the available
memory.
Configuring a generic rule
Apart from regular rules, such as those configured above, there is also a generic rule. A generic rule
needs to be defined before it can be bound to a filter. In the following example, a rule (gen1) is
configured to match a TCP packet with a source IP greater than 10.10.1.101, a TCP dest-port
greater than 20 and a string "400" at the 3rd byte offset from l4 (Layer 4) data.
Virtual ADX(config)#security generic gen1
Virtual ADX(config-sec-gen-gen1)#ip-source gteq ip 10.10.1.101
Virtual ADX(config-sec-gen-gen1)#tcp-dest gt val 20
Virtual ADX(config-sec-gen-gen1)#l4-data 3 eq str "400"
Syntax: [no] security generic generic-rule-name
The generic-rule-name variable specifies the generic rule defined that will then be bound to a filter.
The following conditions can be applied to any of the fields in the mac-header, ip-header, Layer 4
header (TCP/UDP), and Layer 4 data offset to create generic rules:
• eq: equals