The firewall defend port-scan command configures the parameters of the port scanning attack defense.
The undo firewall defend port-scan command cancels the above configuration.
firewall defend port-scan max-rate max-rate-number
firewall defend port-scan blacklist-timeout interval
undo firewall defend port-scan max-rate
undo firewall defend port-scan blacklist-timeout
| Parameter | Description | Value |
|---|---|---|
| max-rate-number | Specifies the maximum connection rate. | The value is an integer ranging from 1 to 10000, in pps. The default value is 4000 pps. |
| interval | Specifies the aging time of the blacklist. | The value is an integer ranging from 1 to 1000, in minutes. The default value is 20 minutes. |
The configured port scanning attack defense parameters take effect only after you use the firewall defend port-scan enable command to enable the port scanning attack defense function.
# Configure port scanning attack defense parameters. Set the maximum connection rate to 1000 pps, and the aging time of the blacklist to 5 minutes.
<sysname> system-view
[sysname] firewall defend port-scan enable
[sysname] firewall defend port-scan max-rate 1000
[sysname] firewall defend port-scan blacklist-timeout 5
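
The following is an added example, not part of the original command reference or any vendor tooling: a Python audit of saved configuration text that checks the two parameters against the ranges in the table above and flags parameters that are set while the enable command is absent. The function name, the sample configuration, and the handling of an undo form of the enable command are assumptions.

```python
import re

# Ranges and defaults as stated in the parameter table above: (min, max, default).
LIMITS = {"max-rate": (1, 10000, 4000), "blacklist-timeout": (1, 1000, 20)}
LINE_RE = re.compile(
    r"^(undo\s+)?firewall\s+defend\s+port-scan\s+(\S+)(?:\s+(\S+))?\s*$")

def audit_port_scan(config_text):
    """Return (effective_settings, findings) for the port-scan defense lines."""
    enabled = False
    explicit = {}   # parameters set explicitly, by keyword
    findings = []
    for lineno, raw in enumerate(config_text.splitlines(), 1):
        # Drop a leading "[sysname]" or "<sysname>" prompt from a pasted session.
        line = re.sub(r"^\s*[\[<][^\]>]*[\]>]\s*", "", raw).strip()
        m = LINE_RE.match(line)
        if not m:
            continue
        undo, keyword, value = m.groups()
        if keyword == "enable":
            # Assumption: an undo form of the enable command disables the function.
            enabled = not undo
        elif keyword in LIMITS:
            if undo:
                explicit.pop(keyword, None)   # undo restores the default value
                continue
            low, high, _ = LIMITS[keyword]
            if value is None or not value.isdecimal() or not low <= int(value) <= high:
                findings.append(f"line {lineno}: {keyword} {value!r} outside {low}-{high}")
                continue
            explicit[keyword] = int(value)
    settings = {k: explicit.get(k, default) for k, (_, _, default) in LIMITS.items()}
    settings["enabled"] = enabled
    if explicit and not enabled:
        findings.append("parameters are set but 'firewall defend port-scan enable' "
                        "is missing, so they have no effect")
    return settings, findings

# Constructed sample configuration (not taken from a real device).
SAMPLE = """\
firewall defend port-scan max-rate 1000
firewall defend port-scan blacklist-timeout 5000
"""

if __name__ == "__main__":
    settings, findings = audit_port_scan(SAMPLE)
    print(settings)
    for finding in findings:
        print("FINDING:", finding)
```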