The cnc domain-filter enable command enables the domain name-based filtering function.
The undo cnc domain-filter enable command disables the domain name-based filtering function.
| Parameter | Description | Value |
|---|---|---|
action |
Indicates the action. |
- |
alert |
Indicates that the device permits packets matching a malicious domain name, but generates an alarm and logs the event. |
- |
block |
Indicates that the device discards packets matching a malicious domain name and logs the event. |
- |
By default, domain name-based filtering is disabled.
After domain name-based filtering is enabled, the default action is alert for packets matching the specified condition. After running cnc domain-filter enable to enable the function or undo cnc domain-filter enable to disable the function, run engine configuration commit to commit the configuration change to apply it.
The domain name-based filtering function enables the device to filter out packets using the malicious domain name signature database. Upon receiving a packet matching a malicious domain name, the device implements the specified action and logs the threats for auditing and troubleshooting.
# In IPS profile profile1, enable domain name-based filtering and set action to block.
<sysname> system-view [sysname] profile type ips name profile1 [sysname-profile-ips-profile1] cnc domain-filter enable action block [sysname-profile-ips-profile1] quit [sysname] engine configuration commit