The firewall blacklist item command creates blacklist entries on the CPU.
The undo firewall blacklist item command deletes a blacklist entry on the CPU.
firewall blacklist item user user-name [ timeout minutes ]
firewall blacklist item source-ip { source-IPv4-address | source-IPv6-address } [ source-port source-port ] [ protocol { tcp | udp | icmp | protocol-num } ] [ timeout minutes ]
firewall blacklist item destination-ip { destination-IPv4-address | destination-IPv6-address } [ destination-port destination-port ] [ protocol { tcp | udp | icmp | protocol-num } ] [ timeout minutes ]
undo firewall blacklist item user user-name [ timeout minutes ]
undo firewall blacklist item source-ip { source-IPv4-address | source-IPv6-address } [ source-port source-port ] [ protocol { tcp | udp | icmp | protocol-num } ]
undo firewall blacklist item destination-ip { destination-IPv4-address | destination-IPv6-address } [ destination-port destination-port ] [ protocol { tcp | udp | icmp | protocol-num } ]
undo firewall blacklist item all
| Parameter | Description | Value |
|---|---|---|
| user user-name | Specifies the user name. | The value must be the user name of an actual user. |
| source-ip source-IPv4-address | Specifies the source IPv4 address. | The value is in dotted decimal notation. |
| source-ip source-IPv6-address | Specifies the source IPv6 address. | The value is in hexadecimal notation. |
| source-port source-port | Specifies the source port. You need to configure the source or destination port only when the protocol type is set to TCP or UDP. | The value is an integer ranging from 1 to 65535. |
| destination-ip destination-IPv4-address | Specifies the destination IPv4 address. | The value is in dotted decimal notation. |
| destination-ip destination-IPv6-address | Specifies the destination IPv6 address. | The value is in hexadecimal notation. |
| destination-port destination-port | Specifies the destination port. You need to configure the source or destination port only when the protocol type is set to TCP or UDP. | The value is an integer ranging from 1 to 65535. |
| protocol tcp | Enables the Transmission Control Protocol (TCP). | - |
| protocol udp | Enables the User Datagram Protocol (UDP). | - |
| protocol icmp | Enables the Internet Control Message Protocol (ICMP). | - |
| protocol protocol-num | Specifies the manually specified protocol ID. | The value is an integer ranging from 1 to 255. |
| all | Indicates all blacklist entries. | - |
| timeout minutes | Specifies the aging time of the blacklist entry. The aging time is the validity duration of the blacklist entry. After the aging time elapses, the system automatically deletes the blacklist entry. If no aging time is specified, the blacklist entry is permanently valid. | The value is an integer ranging from 1 to 65535, in minutes. |
This command changes the timeout period of static blacklists and certain dynamic blacklists. The blacklist entries are effective only after the blacklist function is enabled. However, users can add static blacklist entries even if the blacklist function is disabled.
The undo firewall blacklist item all command deletes blacklist entries from both the CPU and hardware chip.
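
When blacklist entries are generated from a block list rather than typed by hand, the value ranges in the parameter table can be checked before anything is sent to the device. The following Python sketch is an added example, not part of the vendor documentation: the function names and sample entries are hypothetical, and it assumes that only the `tcp` and `udp` keywords permit a port.

```python
import ipaddress

def in_range(name, value, low, high):
    """Return value as an int if low <= value <= high, else raise ValueError."""
    number = int(value)
    if not low <= number <= high:
        raise ValueError(f"{name} must be {low}-{high}, got {value!r}")
    return number

def build_blacklist_item(direction, address, port=None, protocol=None, timeout=None):
    """Build one 'firewall blacklist item' line for a source or destination IP."""
    if direction not in ("source", "destination"):
        raise ValueError("direction must be 'source' or 'destination'")
    ip = ipaddress.ip_address(address)  # raises ValueError on malformed IPv4/IPv6
    parts = ["firewall blacklist item", f"{direction}-ip", str(ip)]
    if port is not None:
        # Assumption: the page does not say whether protocol-num 6 or 17 allows a port.
        if protocol not in ("tcp", "udp"):
            raise ValueError("a port requires protocol tcp or udp")
        parts += [f"{direction}-port", str(in_range("port", port, 1, 65535))]
    if protocol is not None:
        if protocol not in ("tcp", "udp", "icmp"):
            protocol = in_range("protocol-num", protocol, 1, 255)
        parts += ["protocol", str(protocol)]
    if timeout is not None:
        parts += ["timeout", str(in_range("timeout", timeout, 1, 65535))]
    return " ".join(parts)

def build_batch(entries):
    """Return (commands, errors) so one bad entry does not abort the batch."""
    commands, errors = [], []
    for entry in entries:
        try:
            commands.append(build_blacklist_item(**entry))
        except (ValueError, TypeError) as exc:
            errors.append((entry, str(exc)))
    return commands, errors

# Constructed sample input; the addresses are documentation ranges.
SAMPLE = [
    {"direction": "source", "address": "192.0.2.10", "timeout": 30},
    {"direction": "source", "address": "2001:db8::1", "port": 443, "protocol": "tcp"},
    {"direction": "destination", "address": "198.51.100.7", "port": 53, "protocol": "icmp"},
    {"direction": "source", "address": "203.0.113.5", "timeout": 0},
]

if __name__ == "__main__":
    commands, errors = build_batch(SAMPLE)
    print("\n".join(commands), *[f"rejected: {e} -> {r}" for e, r in errors], sep="\n")
```

Entries without a timeout produce permanent blacklist items, so a batch generator like this is a natural place to require an explicit timeout for automatically sourced addresses.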