19 blacklist, Blacklist overview, Configuring blacklist – H3C Technologies H3C SecBlade IPS Cards User Manual

19-1

19

Blacklist

Blacklist Overview

A blacklist allows you to filter packets based on the segment, direction, and source IP address. Blacklist

employs a very simple field for matching and therefore can filter packets at a high rate. It can effectively

filter packets sourced from a particular IP address.

A blacklist entry can be manually or dynamically added to the blacklist. Upon detecting an attack

attempt from a specific IP address based on the packet behavior, the device automatically adds the IP

address in the blacklist if corresponding blocking action is configured.

A blacklist entry is dynamically added if the blocking action for packets sourced from particular

addresses is configured. For details, refer to Action Management Configuration.

Both manually and dynamically added blacklist entries have a lifetime. A blacklist entry is removed from

the blacklist after its timer expires, allowing packets from the corresponding IP address to pass.

Configuring Blacklist

Configuration Task List

Follow these steps to configure a blacklist entry:

Table 19-1 Blacklist configuration task list

Task

Remarks

Adding a Blacklist Entry
Manually

Optional

Add a blacklist entry.

No blacklist entry is manually added by default.

Querying Blacklist Entries

Optional

View blacklist entries, manually or dynamically added, based on the segment
ID and direction.

When a field is deleted, the corresponding blacklist entry will not be deleted
until its timer expires.

Adding a Blacklist Entry Manually

Select Blacklist > Blacklist Management in the navigation tree to enter the blacklist entry list page, as

shown in

Figure 19-1

. Click Add to enter the blacklist entry configuration page, as shown in

Figure 19-2

.