'g_fwaccel dos blacklist' and 'g_fwaccel6 dos blacklist'

Description

Controls the IP blacklist in SecureXL.

The blacklist blocks all traffic to and from the specified IP addresses.

The blacklist drops occur in SecureXL, which is more efficient than an Access Control Policy to drop the packets.

Notes:

You must run these commands on a single Security Group member in the Expert mode:
- For IPv4: g_fwaccel dos blacklist ...
- For IPv6: g_fwaccel6 dos blacklist ...
On VSX Gateway, first go to the context of an applicable Virtual System.
In Expert mode, run: vsenv <VSID>
To enforce the IP blacklist in SecureXL, you must first enable the IP blacklists.
See the 'g_fwaccel dos config' and 'g_fwaccel6 dos config' commands.

In addition, see the 'g_fw sam_policy' and 'g_fw6 sam_policy' commands that let you configure more granular rules.

Syntax for IPv4

g_fwaccel [-i <SecureXL ID>] dos blacklist

-a <IPv4 Address>

-d <IPv4 Address>

-F

-s

Note - In Expert mode, run the g_fwaccel ... command.

Syntax for IPv6

g_fwaccel6 dos blacklist

-a <IPv6 Address>

-d <IPv6 Address>

-F

-s

Note - In Expert mode, run the g_fwaccel6 ... command.

Parameters

Parameter	Description
`-i <`SecureXL ID`>`	Specifies the SecureXL instance ID (for IPv4 only).
No Parameters	Shows the applicable built-in usage.
`-a <`IP Address`>`	Adds the specified IP address to the blacklist. To add more than one IP address, run this command for each applicable IP address.
`-d <`IP Address`>`	Removes the specified IP addresses from the blacklist. To remove more than one IP address, run this command for each applicable IP address.
`-F`	Removes (flushes) all IP addresses from the blacklist.
`-s`	Shows the configured blacklist.

Example from a non-VSX Security Group

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -s

The blacklist is empty

[Expert@HostName-ch0x-0x:0]#

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -a 1.1.1.1

Adding 1.1.1.1

[Expert@HostName-ch0x-0x:0]#

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -s

1.1.1.1

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -a 2.2.2.2

Adding 2.2.2.2

[Expert@HostName-ch0x-0x:0]#

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -s

2.2.2.2

1.1.1.1

[Expert@HostName-ch0x-0x:0]#

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -d 2.2.2.2

Deleting 2.2.2.2

[Expert@HostName-ch0x-0x:0]#

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -s

1.1.1.1

[Expert@HostName-ch0x-0x:0]#

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -F

All blacklist entries deleted

[Expert@HostName-ch0x-0x:0]#

[Expert@HostName-ch0x-0x:0]# g_fwaccel dos blacklist -s

The blacklist is empty

[Expert@HostName-ch0x-0x:0]#