The firewall defend ip-sweep command configures the IP sweeping attack defense parameters.
The undo firewall defend ip-sweep command cancels the above configuration.
firewall defend ip-sweep max-rate max-rate-number
firewall defend ip-sweep blacklist-timeout interval
undo firewall defend ip-sweep max-rate
undo firewall defend ip-sweep blacklist-timeout
| Parameter | Description | Value |
|---|---|---|
| max-rate-number | Specifies the maximum rate. | The value is an integer ranging from 1 to 10000, in pps. The default value is 4000 pps. |
| interval | Specifies the aging time of the blacklist. | The value is an integer ranging from 1 to 1000, in minutes. The default value is 20 minutes. |
The configured IP sweeping attack defense parameters take effect only after you use the firewall defend ip-sweep enable command to enable the IP sweeping attack defense function.
# Enable the IP sweeping attack defense function. Set the maximum IP packet rate to 1000 pps, and the aging time of the blacklist to 5 minutes.
<sysname> system-view
[sysname] firewall defend ip-sweep enable
[sysname] firewall defend ip-sweep max-rate 1000
[sysname] firewall defend ip-sweep blacklist-timeout 5
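The following audit script is an added example, not part of the original command reference or of the vendor's tooling. It checks a saved configuration or a pasted session against the ranges and defaults in the parameter table and flags parameters that are set while the defense function is not enabled. The function name `audit_ip_sweep`, the sample text, and the treatment of `undo ... enable` as disabling the function are assumptions.

```python
import re

# Ranges and defaults as stated in the parameter table above.
LIMITS = {
    "max-rate": (1, 10000, 4000),        # pps
    "blacklist-timeout": (1, 1000, 20),  # minutes
}
LINE = re.compile(r"^(undo\s+)?firewall defend ip-sweep\s+(\S+)(?:\s+(\S+))?$")

# Constructed sample: one parameter tuned, one out of range, no enable command.
SAMPLE = """\
firewall defend ip-sweep max-rate 1000
firewall defend ip-sweep blacklist-timeout 5000
"""


def audit_ip_sweep(config_text):
    """Return (enabled, effective_values, findings) for the given configuration text."""
    enabled = False
    values = {name: default for name, (_, _, default) in LIMITS.items()}
    explicit = set()
    findings = []
    for raw in config_text.splitlines():
        # Drop a leading prompt such as "[sysname]" when the text is a pasted session.
        line = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", raw).strip()
        m = LINE.match(line)
        if not m:
            continue
        undo, keyword, arg = m.groups()
        if keyword == "enable":
            enabled = not undo  # assumption: "undo ... enable" disables the function
        elif keyword in LIMITS:
            low, high, default = LIMITS[keyword]
            if undo:
                # Assumption: cancelling the setting returns it to the documented default.
                values[keyword] = default
                explicit.discard(keyword)
            elif arg is None or not arg.isdigit() or not low <= int(arg) <= high:
                findings.append(f"{keyword}: value {arg!r} outside {low}-{high}")
            else:
                values[keyword] = int(arg)
                explicit.add(keyword)
    if explicit and not enabled:
        findings.append("parameters set but ip-sweep defense is not enabled: "
                        + ", ".join(sorted(explicit)))
    return enabled, values, findings
```

Running `audit_ip_sweep(SAMPLE)` reports the out-of-range blacklist timeout and the missing enable command; the example session above passes with no findings.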