Cisco Cisco Packet Data Interworking Function (PDIF) Prospecto
ACS Rulebase Configuration Mode Commands
firewall dos-protection ▀
Cisco ASR 5x00 Command Line Interface Reference ▄
665
firewall dos-protection
This command allows you to configure Stateful Firewall protection for subscribers from Denial-of-Service (DoS)
attacks.
attacks.
Important:
In StarOS 8.0, this command is available in the ACS Configuration Mode. In StarOS 8.1 and StarOS
8.3, use this command for Rulebase-based Firewall-and-NAT configuration. In StarOS 8.1 and StarOS 9.0 and later
releases, for Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
releases, for Policy-based Firewall-and-NAT configuration, this command is available in the Firewall-and-NAT Policy
Configuration Mode.
Product
PSF
Privilege
Security Administrator, Administrator
Mode
Exec > ACS Configuration > Rulebase Configuration
active-charging service service_name > rulebase rulebase_name
Entering the above command sequence results in the following prompt:
[local]host_name(config-rule-base)#
Syntax
[ no ] firewall dos-protection { all | flooding { icmp | tcp-syn | udp } | ftp-bounce |
ip-unaligned-timestamp | mime-flood | port-scan | tcp-window-containment | source-router
| teardrop | winnuke }
ip-unaligned-timestamp | mime-flood | port-scan | tcp-window-containment | source-router
| teardrop | winnuke }
default firewall dos-protection
no
If previously enabled, disables Stateful Firewall protection for subscribers from all or specified DoS attack(s).
default
Configures this command with its default setting.
Default: Protection from all DOS attacks is disabled.
Default: Protection from all DOS attacks is disabled.
all
Enables protection against all DoS attacks supported by the Stateful Firewall in-line service.
flooding { icmp | tcp-syn | udp }
Enables protection against specified flooding attacks:
icmp
: Enables protection against ICMP Flood attacks
tcp-syn
: Enables protection against TCP SYN Flood attacks
udp
: Enables protection against UDP Flood attacks