Руководство По Обслуживанию для Cisco Cisco Packet Data Gateway (PDG)
Configuration Management
Generally Available 06-30-2010
3-118
firewall tcp-syn-flood-intercept
This command enables and configures the TCP intercept parameters to prevent TCP SYN
flooding attacks by intercepting and validating TCP connection requests for DoS protection
mechanism configured with the
flooding attacks by intercepting and validating TCP connection requests for DoS protection
mechanism configured with the
dos-protection
command. In v8.0 this command was
available in the Active Charging Service Configuration mode. In v8.1 it is moved to the
Rulebase Configuration mode.
Rulebase Configuration mode.
CLI (Rulebase Configuration Mode)
firewall tcp-syn-flood-intercept { max-attempts max_attempts | mode { none
| { intercept | watch } [ aggressive ] } | retransmit-timeout
retransmit_timeout | watch-timeout intercept_watch_timeout }
default firewall tcp-syn-flood-intercept { max-attempts | mode |
retransmit-timeout | watch-timeout }
Web Element Manager Path
This functionality is not supported at this time on the Web Element Manager.
ip protocol
This command defines a firewall rule definition to analyze user traffic based on the protocol
being transported by IP packets. The following keywords were added to this command:
being transported by IP packets. The following keywords were added to this command:
●
protocol
: Enables specifying a protocol by its name.
●
operator protocol_assignment
: Enables specifying a protocol lesser than or equal to,
or greater than or equal to a protocol assignment number.
CLI (Firewall Ruledef Configuration Mode)
[ no ] ip protocol { { operator { protocol | protocol_assignment } } | {
operator protocol_assignment } }
Web Element Manager Path
This functionality is not supported at this time on the Web Element Manager.