Cisco Cisco ASR 5000
Firewall-and-NAT Policy Configuration Mode Commands
▀ firewall flooding
▄ Command Line Interface Reference, StarOS Release 18
5110
firewall flooding
This command configures Stateful Firewall protection from Packet Flooding attacks.
Important:
In release 8.0, this configuration is available in the ACS Configuration Mode. In release 8.1, for
Rulebase-based Stateful Firewall configuration, this configuration is available in the ACS Rulebase Configuration
Mode. In release 8.3, this configuration is available in the ACS Rulebase Configuration Mode.
Mode. In release 8.3, this configuration is available in the ACS Rulebase Configuration Mode.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-fw-and-nat-policy)#
Syntax
firewall flooding { protocol { icmp | tcp-syn | udp } packet limit packets | sampling-
interval interval }
interval interval }
default firewall flooding { protocol { icmp | tcp-syn | udp } packet limit | sampling-
interval }
interval }
default
Configures the default setting for the specified configuration.
protocol { icmp | tcp-syn | udp }
Specifies the transport protocol:
icmp
: Configuration for ICMP protocol.
tcp-syn
: Configuration for TCP-SYN packet limit.
udp
: Configuration for UDP protocol.
packet limit packets
Specifies the maximum number of specified packets a subscriber can receive during a sampling interval.
packets
must be an integer from 1 through 4294967295.
Default: 1000 packets per sampling interval for all protocols.
sampling-interval interval
Specifies the flooding sampling interval, in seconds.
interval
must be an integer from 1 through 60.
Default: 1 second
The maximum sampling-interval configurable is 60 seconds.
The maximum sampling-interval configurable is 60 seconds.