< Home

exception ips-signature-id

Function

The exception ips-signature-id command adds an IPS signature as an exception.

The undo exception command deletes an IPS signature from signature exception.

Format

exception ips-signature-id ips-signature-id [ action { alert | allow | block | { block-source-ip | block-destination-ip } [ timeout timeout ] } ]

undo exception { ips-signature-id ips-signature-id | all }

Parameters

Parameter Description Value

ips-signature-id

Specifies the ID of an IPS signature.

The value is an integer ranging from 1 to 16777215.

action

Specifies the action.

-

alert

Indicates that the device generates an alarm when a packet matches an exception IPS signature.

-

allow

Indicates that the device permits a packet when a packet matches an exception IPS signature.

The default action for the exception signature is allow.

block

Indicates that the device denies a packet when a packet matches an exception IPS signature.

-

{ block-source-ip | block-destination-ip }

Indicates that the device blacklists the source or destination IP address and denies the packets destined from or for the specified IP address.

-

timeout timeout

Specifies the lifetime of a blacklist entry. The blacklist entry ceases to take effect after the lifetime ends.
The value is an integer, in minutes. The default value is 5. The value range is as follows:
  • Versions earlier than V600R007C20SPC601: 1 to 30.
  • V600R007C20SPC601 and later versions: 0 to 65535, where 0 indicates that the blacklist is always valid.

all

Indicates all signatures.

-

Views

Intrusion prevention profile view

Default Level

2: Configuration level

Usage Guidelines

This command configures different actions for certain signatures. The security policy preferentially implements the action for the exception signature.

You can use the display firewall blacklist item command to view the blacklist entry created in case of an IPS attack. For the entry, Reason is IPS Attack in the command output.

During the IPS signature database update, if the configured exception signature does not exist in the IPS signature database, the corresponding configurations are reserved but do not take effect. When the current configurations are queried, the following message is displayed: Invalid configuration. The specified signature (signature-id) does not exist in the current library. Please check and delete it.

Example

# In intrusion prevention profile profile1, add the IPS signature with ID 2012 to the exception signature, set the action to alert.

<sysname> system-view
[sysname] profile type ips name profile1
[sysname-profile-ips-profile1] exception ips-signature-id 2012 action alert
Parent Topic: Intrusion Prevention Configuration Commands
Copyright © Huawei Technologies Co., Ltd.
Copyright © Huawei Technologies Co., Ltd.
< Previous topic Next topic >