Blacklist configuration, Overview, Configuring the blacklist – H3C Technologies H3C SecPath F1000-E User Manual
Blacklist Configuration
Overview
The blacklist is an attack prevention mechanism that filters packets based on source IP address. Compared
with ACL-based packet filtering, the blacklist feature is easier to configure and filters packets
sourced from particular IP addresses quickly.
The device can dynamically add and remove blacklist entries. This is implemented in cooperation with
the scanning detection feature. When the device detects that packets sourced from an IP address have a
behavior pattern that implies a potential scanning attack, it automatically blacklists the IP address to filter
subsequent packets sourced from that IP address. Blacklist entries added in this way will age out after a
period of time.
NOTE:
For more information about scanning detection configuration, see Traffic Abnormality Detection Configuration.
The device also supports adding and removing blacklist entries manually. Manually configured blacklist
entries fall into two categories: permanent and non-permanent. A permanent blacklist entry remains
present until it is removed manually, while a non-permanent blacklist entry has a limited lifetime
that depends on your configuration. When the lifetime of a non-permanent entry expires, the device
removes the entry from the blacklist, allowing packets from the IP address defined by the entry to pass
through.
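The entry lifecycle described above, together with the IMPORTANT note in the task list on this page, can be modelled as follows. This is an added Python illustration, not H3C code or device configuration; the class, method and field names and the use of seconds for lifetimes are assumptions.

```python
import ipaddress
import time

class Blacklist:
    """Model of the behaviour described above; all names are assumptions."""

    def __init__(self, clock=time.monotonic):
        self.enabled = False   # the blacklist function is disabled by default
        self._entries = {}     # source IP -> {"kind": ..., "expires": ...}
        self._clock = clock

    def _put(self, ip, kind, lifetime):
        expires = None if lifetime is None else self._clock() + lifetime
        self._entries[ipaddress.ip_address(ip)] = {"kind": kind, "expires": expires}

    def _live(self, ip):
        """Return the entry for ip, purging it first if its lifetime is over."""
        addr = ipaddress.ip_address(ip)
        entry = self._entries.get(addr)
        if entry and entry["expires"] is not None and self._clock() >= entry["expires"]:
            del self._entries[addr]
            return None
        return entry

    def add_dynamic(self, ip, aging):
        """Entry created by scanning detection; it always ages out."""
        self._put(ip, "dynamic", aging)

    def add_manual(self, ip, lifetime=None):
        """Manual entry: permanent if lifetime is None, otherwise non-permanent."""
        self._put(ip, "manual", lifetime)

    def modify(self, ip, lifetime=None):
        """Modifying an entry, dynamic ones included, leaves it a manual entry."""
        if self._live(ip) is None:
            raise KeyError(ip)
        self._put(ip, "manual", lifetime)

    def kind(self, ip):
        entry = self._live(ip)
        return entry["kind"] if entry else None

    def permits(self, src_ip):
        """True if a packet sourced from src_ip passes the blacklist filter."""
        return not self.enabled or self._live(src_ip) is None
```

Passing a fake clock (any callable that returns a number) lets you step through aging without waiting for real time to elapse.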
Configuring the Blacklist
Configuration Task List
Perform the tasks in Table 1 to configure the blacklist feature.
Table 1 Blacklist configuration task list
Task | Remarks
Enabling the Blacklist Function | Required. By default, the blacklist function is disabled.
Configuring the Scanning Detection Feature to Add Blacklist Entries Automatically; Adding a Blacklist Entry Manually | Required. Complete either of the tasks. For more information about scanning detection configuration, see Traffic Abnormality Detection Configuration. By default, no blacklist entries exist. IMPORTANT: If you modify a dynamic blacklist entry, the entry will turn into a manual one.
Optional