Cisco Cisco ASR 5700
ACS Rulebase Configuration Mode Commands
firewall flooding ▀
Command Line Interface Reference, StarOS Release 17 ▄
699
firewall flooding
This command allows you to configure Stateful Firewall protection from Packet Flooding attacks.
Important:
In StarOS 8.0, this command is available in the ACS Configuration Mode. In StarOS 8.1 and StarOS
8.3, use this command for Rulebase-based Firewall-and-NAT configuration. In StarOS 8.1 and StarOS 9.0 and later
releases, for Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
releases, for Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Rulebase Configuration
active-charging service service_name > rulebase rulebase_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-rule-base)#
Syntax
firewall flooding { { protocol { icmp | tcp-syn | udp } packet limit packets } | {
sampling-interval interval } }
sampling-interval interval } }
default firewall flooding { { protocol { icmp | tcp-syn | udp } packet limit } | {
sampling-interval } }
sampling-interval } }
default
Configures this command the default setting for the specified keyword.
protocol { icmp | tcp-syn | udp }
Specifies the transport protocol:
icmp
: Configuration for ICMP protocol.
tcp-syn
: Configuration for TCP-SYN packet limit.
udp
: Configuration for UDP protocol.
packet limit packets
Specifies the maximum number of specified packets a subscriber can receive during a sampling interval.
packets
must be an integer from 1 through 4294967295.
Default: 1000 packets per sampling interval for all protocols.
sampling-interval interval
Specifies the flooding sampling interval, in seconds.
interval
must be an integer from 1 through 60.
Default: 1 second