Brocade Communications Systems 12.4.00a Manual De Usuario

DDoS protection

5

Configuring a rule for IPv6 ext header types 

ServerIron ADX has a set of built-in rules to manage IPv6 header types. In this case, the rule 
command is used with a <ipv6-ext-header-type > variable specified in Table 17.

The following example configures the "filter5" security filter with a rule to drop packets that contain 
the ipv6-ext-header type esp. 

ServerIronADX(config)# security filter filter5

ServerIronADX(config-sec-filter5)#rule ipv6-ext-header-type esp drop 

Syntax: [no] rule ipv6-ext-header-type <ipv6-ext-header-type> [log | no-log] [drop | no-drop]

The <ipv6-ext-header-type> variable is specified as one of the options described in Table 
17.

The log parameter directs the ServerIron ADX to drop traffic on the bound interface that matches 
the rule specified by the configured <ipv6-ext-header-type>. The no-log parameter disables 
this function.

The drop parameter directs the ServerIron ADX to drop traffic on the bound interface that matches 
the rule specified by the configured <ipv6-ext-header-type>. The no-drop parameter 
disables this function

reserved

ICMP type 255: reserved for expansion

router-advertisement

ICMP type 134: router-advertisement

router-solicitation

ICMP type 133: router-solicitation

TABLE 17

IPv6 ext header types and descriptions

Attack Type

Description

ah

Authentication Header Option

cfg-hdr0-num

Configurable extension header code 0

cfg-hdr1-num

Configurable extension header code 1

cfg-hdr2-num

Configurable extension header code 2

cfg-hdr3-num

Configurable extension header code 3

destination-option

Destination Options (with Routing Options)

esp

Encapsulation Security Payload Header

hop-by-hop

Hop-by-Hop option

mobility-header

Mobility Header option

no-next-header

No Next Header

routing-header

Routing Header option

unknown-header

Unknown headers are those that are not listed in the above header types 
and TCP/UDP/ICMPv6.

TABLE 16

ICMPv6 types and descriptions