The display firewall blacklist item command displays information about blacklist entries on the CPU.
display firewall blacklist item user user-name
display firewall blacklist item source-ip { source-IPv4-address | source-IPv6-address } [ source-port source-port ] [ protocol { tcp | udp | icmp | protocol-num } ]
display firewall blacklist item destination-ip { destination-IPv4-address | destination-IPv6-address } [ destination-port destination-port ] [ protocol { tcp | udp | icmp | protocol-num } ]
display firewall blacklist item
display firewall blacklist item type { manual | login-failed | ip-sweep | port-scan | illegal-access | ips | ids | apt-cis | av | topn | cloud-service }
| Parameter | Description | Value |
|---|---|---|
| user user-name | Specifies the user name. | The value must be the user name of an actual user. |
| source-ip source-IPv4-address | Specifies the source IPv4 address. | The value is in dotted decimal notation. |
| source-ip source-IPv6-address | Specifies the source IPv6 address. | The value is in hexadecimal notation. |
| source-port source-port | Specifies the source port. | The value is an integer ranging from 1 to 65535. |
| destination-ip destination-IPv4-address | Specifies the destination IPv4 address. | The value is in dotted decimal notation. |
| destination-ip destination-IPv6-address | Specifies the destination IPv6 address. | The value is in hexadecimal notation. |
| destination-port destination-port | Specifies the destination port. | The value is an integer ranging from 1 to 65535. |
| protocol tcp | Enables the Transmission Control Protocol (TCP). | - |
| protocol udp | Enables the User Datagram Protocol (UDP). | - |
| protocol icmp | Enables the Internet Control Message Protocol (ICMP). | - |
| protocol protocol-num | Specifies the manually specified protocol ID. | The value is an integer ranging from 1 to 255. |
| type | Indicates the blacklist type. | - |
| manual | Indicates the static type. | - |
| login-failed | Indicates the login failure type. | - |
| ip-sweep | Indicates the IP sweep type. | - |
| port-scan | Indicates the IP scanning type. | - |
| illegal-access | Indicates the unauthorized access type. | - |
| ips | Indicates the IPS type. | - |
| ids | Indicates the IDS type. | - |
| apt-cis | Indicates the anti-APT HiSec Insight type. Only the USG6510E/6510E-POE/6530E do not support this parameter. | - |
| av | Indicates the antivirus type. | - |
| topn | Indicates the heavy traffic type. Source Address Ranking by Real-Time Traffic ranks source addresses by traffic volume. You can blacklist a source address with a large traffic volume. | - |
| cloud-service | Indicates the blocklist delivered by the cloud service. | - |
# Display information about blacklist entries on the CPU.
```
<sysname> display firewall blacklist item
 IP/port/protocol/user             Reason        Insert Time          Age Time   HitTimes
 ----------------------------------------------------------------------------------------------------------------------------
 1.1.1.1 /any (src) /any/          DDos detect   2015/04/16 16:59:55  Permanent  0
```
| Item | Description |
|---|---|
| IP | IP address |
| port | Port |
| protocol | Protocol type |
| user | User name |
| Reason | Blacklist entries which are classified into the following types: |
| Insert Time | Date and time when the blacklist entry was generated |
| Age Time | Aging time of the blacklist entry, in minutes. Permanent indicates that the blacklist entry is permanently valid. |
| HitTimes | Hit count of the blacklist entry |
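
The sample output above, parsed into structured records so that blacklist entries can be audited. This is an added example, not part of the original documentation. The row layout is inferred from the single sample row on this page; the second and third sample rows and the names `parse_blacklist` and `unused_permanent` are constructed for illustration.

```python
import ipaddress
import re
from datetime import datetime

# Constructed sample. The first data row is the one shown on this page; the
# other two rows (and their values) are made up for the example.
SAMPLE = """\
<sysname> display firewall blacklist item
 IP/port/protocol/user          Reason       Insert Time          Age Time   HitTimes
 -------------------------------------------------------------------------------------
 1.1.1.1 /any (src) /any/       DDos detect  2015/04/16 16:59:55  Permanent  0
 192.0.2.10 /any (src) /any/    DDos detect  2015/04/16 17:02:10  30         42
 2001:db8::5 /any (src) /any/   DDos detect  2015/04/16 17:03:00  Permanent  7
"""

# Assumed row layout, inferred from the single sample row:
#   <ip> /<port> (<side>) /<protocol>/<user>  <reason>  <date time>  <age>  <hits>
# The reason may contain spaces, so the timestamp is used as the anchor.
ROW = re.compile(
    r"^\s*(?P<ip>[^\s/]+)\s*/(?P<port>\S+)\s*\((?P<side>\w+)\)\s*"
    r"/(?P<protocol>[^/\s]*)/(?P<user>\S*)\s+(?P<reason>.+?)\s+"
    r"(?P<ts>\d{4}/\d{2}/\d{2} \d{2}:\d{2}:\d{2})\s+"
    r"(?P<age>Permanent|\d+)\s+(?P<hits>\d+)\s*$"
)

def parse_blacklist(text):
    """Return one dict per blacklist row; prompt, header and rule lines are skipped."""
    entries = []
    for line in text.splitlines():
        m = ROW.match(line)
        if not m:
            continue
        e = m.groupdict()
        e["ip"] = ipaddress.ip_address(e["ip"])  # ValueError on a malformed address
        e["user"] = e["user"] or None            # empty user field -> None
        e["inserted"] = datetime.strptime(e.pop("ts"), "%Y/%m/%d %H:%M:%S")
        age = e.pop("age")
        e["age_minutes"] = None if age == "Permanent" else int(age)  # None = never ages out
        e["hits"] = int(e["hits"])
        entries.append(e)
    return entries

def unused_permanent(entries):
    """Permanent entries that have never matched traffic: candidates for review."""
    return [e for e in entries if e["age_minutes"] is None and e["hits"] == 0]

if __name__ == "__main__":
    for e in unused_permanent(parse_blacklist(SAMPLE)):
        print(e["ip"], e["reason"], e["inserted"].isoformat())
```
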