'fwaccel synatk whitelist' and 'fwaccel6 synatk whitelist'
Description
Controls the Accelerated SYN Defender whitelist.
Notes:
- This whitelist overrides which packets the Accelerated SYN Defender drops. Before you use 3rd-party or automatic blacklists, add trusted networks and hosts to the whitelist to avoid outages.
- Also, see the fwaccel dos whitelist command.
Important - In Cluster, you must configure the Rate Limiting in the same way on all the Cluster Members.
Syntax for IPv4
fwaccel synatk whitelist
      -a <IPv4 Address>[/<Subnet Prefix>]
      -d <IPv4 Address>[/<Subnet Prefix>]
      -F
      -l /<Path>/<Name of File>
      -L
      -s
Syntax for IPv6
fwaccel6 synatk whitelist
      -a <IPv6 Address>[/<Subnet Prefix>]
      -d <IPv6 Address>[/<Subnet Prefix>]
      -F
      -l /<Path>/<Name of File>
      -L
      -s
Parameters
Parameter | Description

No Parameters
      Shows the applicable built-in usage.

-a <IPv4 Address>[/<Subnet Prefix>]
      Adds the specified IPv4 address to the Accelerated SYN Defender whitelist.
      <IPv4 Address> - Can be an IPv4 address of a network or a host.
      <Subnet Prefix> - Must specify the length of the subnet mask in the format /<bits>.
        - Optional for a host IPv4 address.
        - Mandatory for a network IPv4 address.
        - Range - from /1 to /32.
      Important - If you do not specify the subnet prefix explicitly, this command uses the subnet prefix /32.
      Examples:
        - For a host:
          192.168.20.30
          192.168.20.30/32
        - For a network:
          192.168.20.0/24

-a <IPv6 Address>[/<Subnet Prefix>]
      Adds the specified IPv6 address to the Accelerated SYN Defender whitelist.
      <IPv6 Address> - Can be an IPv6 address of a network or a host.
      <Subnet Prefix> - Must specify the length of the subnet mask in the format /<bits>.
        - Optional for a host IPv6 address.
        - Mandatory for a network IPv6 address.
        - Range - from /1 to /128.
      Important - If you do not specify the subnet prefix explicitly, this command uses the subnet prefix /128.
      Examples:

-d <IPv4 Address>[/<Subnet Prefix>]
      Removes the specified IPv4 address from the Accelerated SYN Defender whitelist.
      <IPv4 Address> - Can be an IPv4 address of a network or a host.
      <Subnet Prefix> - Optional. Must specify the length of the subnet mask in the format /<bits>.
        - Optional for a host IPv4 address.
        - Mandatory for a network IPv4 address.
        - Range - from /1 to /32.
      Important - If you do not specify the subnet prefix explicitly, this command uses the subnet prefix /32.

-d <IPv6 Address>[/<Subnet Prefix>]
      Removes the specified IPv6 address from the Accelerated SYN Defender whitelist.
      <IPv6 Address> - Can be an IPv6 address of a network or a host.
      <Subnet Prefix> - Optional. Must specify the length of the subnet mask in the format /<bits>.
        - Optional for a host IPv6 address.
        - Mandatory for a network IPv6 address.
        - Range - from /1 to /128.
      Important - If you do not specify the subnet prefix explicitly, this command uses the subnet prefix /128.

-F
      Removes (flushes) all entries from the Accelerated SYN Defender whitelist.

-l /<Path>/<Name of File>
      Loads the Accelerated SYN Defender whitelist entries from the specified plain-text file.
      Note - To replace the current whitelist with the contents of a new file, use both the -F and -l parameters on the same command line.
      Important:

-L
      Loads the Accelerated SYN Defender whitelist entries from the plain-text file with a predefined name:
      $FWDIR/conf/synatk-whitelist-v4.conf
      Security Gateway automatically runs these commands {fwaccel | fwaccel6} synatk whitelist -L during each boot.
      Note - To replace the current whitelist with the contents of a new file, use both the -F and -L parameters on the same command line.
      Important:

-s
      Shows the current Accelerated SYN Defender whitelist entries.

Example
[Expert@MyGW:0]# fwaccel synatk whitelist -a 192.168.20.0/24
[Expert@MyGW:0]# fwaccel synatk whitelist -s
192.168.20.0/24
[Expert@MyGW:0]# fwaccel synatk whitelist -d 192.168.20.0/24
[Expert@MyGW:0]#
[Expert@MyGW:0]# fwaccel synatk whitelist -a 192.168.40.55
[Expert@MyGW:0]# fwaccel synatk whitelist -s
192.168.40.55/32
[Expert@MyGW:0]# fwaccel synatk whitelist -d 192.168.40.55
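The prefix rules in the parameter table (default /32 or /128 when no prefix is given, allowed range /1 to /32 or /128) can be checked before any entry reaches the gateway. The Python below is an added example, not Check Point code: it validates candidate entries and builds the matching -a commands. The function names, the sample entries, the refusal of addresses with host bits set, and the /16 and /48 breadth floors are assumptions of this example.

```python
import ipaddress

def normalize_entry(text):
    """Return (command, cidr) for one candidate entry, per the page's prefix rules."""
    addr_part, sep, prefix_part = text.strip().partition("/")
    addr = ipaddress.ip_address(addr_part)  # ValueError on malformed input
    max_bits = 32 if addr.version == 4 else 128
    # No explicit prefix: the command uses /32 (IPv4) or /128 (IPv6).
    bits = int(prefix_part) if sep else max_bits
    if not 1 <= bits <= max_bits:
        raise ValueError(f"prefix must be /1 to /{max_bits}")
    net = ipaddress.ip_network(f"{addr}/{bits}", strict=False)
    if net.network_address != addr:
        # Assumption of this example: refuse host bits under a network prefix
        # (e.g. 192.168.20.30/24) instead of guessing what the operator meant.
        raise ValueError(f"host bits set, did you mean {net}?")
    return ("fwaccel" if addr.version == 4 else "fwaccel6"), str(net)

def plan(entries, floor_v4=16, floor_v6=48):
    """Return (commands, rejected); the floors are an assumed local review policy."""
    commands, rejected = [], []
    for raw in entries:
        try:
            command, cidr = normalize_entry(raw)
        except ValueError as exc:
            rejected.append((raw, str(exc)))
            continue
        floor = floor_v4 if command == "fwaccel" else floor_v6
        if int(cidr.rsplit("/", 1)[1]) < floor:
            # Whitelisted ranges override SYN Defender drops, so broad ones get a human look.
            rejected.append((raw, f"broader than /{floor}, review manually"))
            continue
        commands.append(f"{command} synatk whitelist -a {cidr}")
    return commands, rejected

# Constructed sample input, not taken from a real gateway.
SAMPLE = ["192.168.20.30", "192.168.20.0/24", "192.168.20.30/24",
          "10.0.0.0/8", "2001:db8::1", "0.0.0.0/0", "not-an-address"]

if __name__ == "__main__":
    commands, rejected = plan(SAMPLE)
    print("\n".join(commands))
    for raw, reason in rejected:
        print(f"# skipped {raw}: {reason}")
```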