< Home

firewall defend large-icmp

Function

The firewall defend large-icmp command configures the parameters of the large ICMP packet attack defense.

The undo firewall defend large-icmp command cancels the above configuration.

Format

firewall defend large-icmp max-length [ length ]

undo firewall defend large-icmp max-length

Parameters

Parameter Description Value
length Specifies the maximum length of an ICMP packet. The value is an integer ranging from 28 to 65535, in bytes. The default value is 4000 bytes.

Views

System view

Default Level

2: Configuration level

Usage Guidelines

The maximum length of allowed ICMP packets can be configured as required. When the actual ICMP packet length exceeds the value, the device considers that the large ICMP packet attack takes place, discards the packet, and reports an attack log.

Example

# Enable the large ICMP packet attack defense. Set the maximum length of ICMP packets to 3000 bytes.

<sysname> system-view
[sysname] firewall defend large-icmp enable
[sysname] firewall defend large-icmp max-length 3000
Parent Topic: Single-Packet Attack Defense Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >