The firewall blacklist hardware item command creates blacklist entries on the hardware chip.
The undo firewall blacklist hardware item command deletes a blacklist entry on the hardware chip.
firewall blacklist hardware item source-ip source-IPv4-address [ source-port source-port ] [ protocol { tcp | udp | icmp | protocol-num } ]
firewall blacklist hardware item destination-ip destination-IPv4-address [ destination-port destination-port ] [ protocol { tcp | udp | icmp | protocol-num } ]
undo firewall blacklist hardware item source-ip source-IPv4-address [ source-port source-port ] [ protocol { tcp | udp | icmp | protocol-num } ]
undo firewall blacklist hardware item destination-ip destination-IPv4-address [ destination-port destination-port ] [ protocol { tcp | udp | icmp | protocol-num } ]
| Parameter | Description | Value |
|---|---|---|
| source-ip source-IPv4-address | Specifies the source IPv4 address. | The value is in dotted decimal notation. |
| source-port source-port | Specifies the source port. You need to configure the source or destination port only when the protocol type is set to TCP or UDP. | The value is an integer ranging from 1 to 65535. |
| destination-ip destination-IPv4-address | Specifies the destination IPv4 address. | The value is in dotted decimal notation. |
| destination-port destination-port | Specifies the destination port. You need to configure the source or destination port only when the protocol type is set to TCP or UDP. | The value is an integer ranging from 1 to 65535. |
| protocol tcp | Enables the Transmission Control Protocol (TCP). | - |
| protocol udp | Enables the User Datagram Protocol (UDP). | - |
| protocol icmp | Enables the Internet Control Message Protocol (ICMP). | - |
| protocol protocol-num | Specifies the manually specified protocol ID. | The value is an integer ranging from 1 to 255. |
Only USG6510E/6510E-POE, USG6530E, USG6515E/6550E/6560E/6580E, and USG6525E/6555E/6565E/6575E-B/6585E/6605E-B support this command.
After a blacklist entry is created on the hardware chip, traffic that arrives at the chip and matches the entry is discarded there. The traffic is not sent to the CPU, which reduces CPU usage.
This command applies only to the public system and cannot be used in virtual systems.
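The following Python helper is an added example, not part of the product documentation: it checks block-list entries against the value ranges in the parameter table and renders the matching command or undo command lines, collecting rejected entries with a reason. The names `build_item`, `render` and `SAMPLE` are hypothetical, the sample entries are constructed, and requiring `protocol tcp` or `protocol udp` whenever a port is given is an assumption that is stricter than the syntax line.

```python
import ipaddress

PORT_PROTOCOLS = ("tcp", "udp")          # protocols that may carry a port
KEYWORDS = PORT_PROTOCOLS + ("icmp",)    # protocol keywords from the table

def is_int_in(value, low, high):
    return isinstance(value, int) and not isinstance(value, bool) and low <= value <= high

def build_item(direction, ip, port=None, protocol=None, undo=False):
    """Return one command line for the entry, or raise ValueError."""
    if direction not in ("source", "destination"):
        raise ValueError("direction must be 'source' or 'destination'")
    try:
        # str() so that a bare integer is rejected instead of being converted.
        addr = ipaddress.IPv4Address(str(ip))
    except ValueError:
        raise ValueError(f"not a dotted decimal IPv4 address: {ip!r}") from None
    if protocol is not None and protocol not in KEYWORDS and not is_int_in(protocol, 1, 255):
        raise ValueError("protocol must be tcp, udp, icmp or an integer from 1 to 255")
    parts = ["firewall blacklist hardware item", f"{direction}-ip {addr}"]
    if port is not None:
        if not is_int_in(port, 1, 65535):
            raise ValueError("port must be an integer from 1 to 65535")
        # Assumption: stricter than the syntax line, a port needs tcp or udp.
        if protocol not in PORT_PROTOCOLS:
            raise ValueError("a port requires protocol tcp or udp")
        parts.append(f"{direction}-port {port}")
    if protocol is not None:
        parts.append(f"protocol {protocol}")
    line = " ".join(parts)
    return "undo " + line if undo else line

SAMPLE = [  # constructed entries using documentation address ranges
    {"direction": "source", "ip": "192.0.2.10"},
    {"direction": "destination", "ip": "198.51.100.7", "port": 53, "protocol": "udp"},
    {"direction": "source", "ip": "203.0.113.5", "port": 80, "protocol": "icmp"},
    {"direction": "source", "ip": "2001:db8::1", "protocol": 47},
]

def render(entries, undo=False):
    commands, rejected = [], []
    for entry in entries:
        try:
            commands.append(build_item(undo=undo, **entry))
        except ValueError as exc:
            rejected.append((entry, str(exc)))
    return commands, rejected

if __name__ == "__main__":
    print(render(SAMPLE))
```

Calling `render(SAMPLE, undo=True)` produces the matching removal lines, which keeps additions and deletions of entries symmetric.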