Description
Controls the IP blacklist in SecureXL.
The blacklist blocks all traffic to and from the specified IP addresses.
The blacklist drops occur in SecureXL, which is more efficient than an Access Control Policy to drop the packets.
Important:
In Gaia Clish, run:
VSIDset virtual-system <
>
In Expert mode, run:
VSIDvsenv <
>
See the 'fwaccel dos config
' and 'fwaccel6 dos config
' commands.
In addition, see the 'fw sam_policy
' and 'fw6 sam_policy
' commands that let you configure more granular rules.
Syntax for IPv4
-a <IPv4 Address> -d <IPv4 Address> -F -s |
Syntax for IPv6
-a <IPv6 Address> -d <IPv6 Address> -F -s |
Parameters
Parameter |
Description |
---|---|
|
Specifies the SecureXL instance ID (for IPv4 only). |
No Parameters |
Shows the applicable built-in usage. |
|
Adds the specified IP address to the blacklist. To add more than one IP address, run this command for each applicable IP address. |
|
Removes the specified IP addresses from the blacklist. To remove more than one IP address, run this command for each applicable IP address. |
|
Removes (flushes) all IP addresses from the blacklist. |
|
Shows the configured blacklist. |
Example from a non-VSX Gateway
[Expert@MyGW:0]# fwaccel dos blacklist -s The blacklist is empty [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos blacklist -a 1.1.1.1 Adding 1.1.1.1 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos blacklist -s 1.1.1.1 [Expert@MyGW:0]# fwaccel dos blacklist -a 2.2.2.2 Adding 2.2.2.2 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos blacklist -s 2.2.2.2 1.1.1.1 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos blacklist -d 2.2.2.2 Deleting 2.2.2.2 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos blacklist -s 1.1.1.1 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos blacklist -F All blacklist entries deleted [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos blacklist -s The blacklist is empty [Expert@MyGW:0]# |