fwaccel dos deny
Description
The fwaccel dos deny and fwaccel6 dos deny commands control the IP deny-list in SecureXL.
The deny-list blocks all traffic to and from the specified IP addresses.
The deny-list drops occur in SecureXL, which is more efficient than an Access Control Policy to drop the packets.
|
Important:
|
Syntax for IPv4
|
Syntax for IPv6
|
Parameters
Parameter |
Description |
||
---|---|---|---|
No Parameters |
Shows the applicable built-in usage. |
||
|
Adds the specified IP address to the deny-list. To add more than one IP address, run this command for each applicable IP address. |
||
|
Removes the specified IP addresses from the deny-list. To remove more than one IP address, run this command for each applicable IP address. |
||
|
Removes (flushes) all IP addresses from the IP deny-list. |
||
|
Enables ( By default, the monitor-only mode is disabled. In the monitor-only mode you can test the IP deny-list without blocking the traffic. This command affects only the IP deny-list (does not affect the |
||
|
Shows the current status of the monitor-only mode for the IP deny-list (enabled or disabled). |
||
|
Configures the name for the IP deny-list. This name appears in the Security Gateway logs.
|
||
|
Shows the configured name for the IP deny-list. |
||
|
Shows the configured deny-list. |
Example from a non-VSX Gateway
[Expert@MyGW:0]# fwaccel dos deny -s The deny list is empty [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos deny -a 1.1.1.1 Adding 1.1.1.1 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos deny -s 1.1.1.1 [Expert@MyGW:0]# fwaccel dos deny -a 2.2.2.2 Adding 2.2.2.2 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos deny -s 2.2.2.2 1.1.1.1 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos deny -d 2.2.2.2 Deleting 2.2.2.2 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos deny -s 1.1.1.1 [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos deny -F All deny list entries deleted [Expert@MyGW:0]# [Expert@MyGW:0]# fwaccel dos deny -s The deny list is empty [Expert@MyGW:0]# |