Cisco Cisco Packet Data Gateway (PDG)
firewall flooding
This command configures Stateful Firewall protection from Packet Flooding attacks.
In release 8.0, this configuration is available in the ACS Configuration Mode. In release 8.1, for
Rulebase-based Stateful Firewall configuration, this configuration is available in the ACS Rulebase
Configuration Mode. In release 8.3, this configuration is available in the ACS Rulebase Configuration
Mode.
Rulebase-based Stateful Firewall configuration, this configuration is available in the ACS Rulebase
Configuration Mode. In release 8.3, this configuration is available in the ACS Rulebase Configuration
Mode.
Important
Product
PSF
Privilege
Security Administrator, Administrator
Command Modes
Exec > ACS Configuration > Firewall-and-NAT Policy Configuration
active-charging service service_name > fw-and-nat policy policy_name
Entering the above command sequence results in the following prompt:
[local]
host_name
(config-fw-and-nat-policy)#
Syntax Description
firewall flooding { protocol { icmp | tcp-syn | udp } packet limit packets | sampling-interval interval }
default firewall flooding { protocol { icmp | tcp-syn | udp } packet limit | sampling-interval }
default firewall flooding { protocol { icmp | tcp-syn | udp } packet limit | sampling-interval }
default
Configures the default setting for the specified configuration.
protocol { icmp | tcp-syn | udp }
Specifies the transport protocol:
• icmp: Configuration for ICMP protocol.
• tcp-syn: Configuration for TCP-SYN packet limit.
• udp: Configuration for UDP protocol.
packet limit packets
Specifies the maximum number of specified packets a subscriber can receive during a sampling interval.
packets must be an integer from 1 through 4294967295.
Command Line Interface Reference, Modes E - F, StarOS Release 19
1687
Firewall-and-NAT Policy Configuration Mode Commands
firewall flooding