.. _ddos_zone_template_tcp: ddos zone-template tcp ====================== TCP template Configuration tcp Specification ----------------- ===================================== ====================================================================== **Parameter** **Value** ===================================== ====================================================================== **Type** *Collection* **Object Key(s)** *name* **Collection Name** :ref:`508_tcp_list` **Collection URI** /axapi/v3/ddos/zone-template/tcp **Element Name** tcp **Element URI** /axapi/v3/ddos/zone-template/tcp/{name} **Element Attributes** tcp_attributes **Partition Visibility** None **Schema** :download:`tcp schema ` ===================================== ====================================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/zone-template/tcp .. raw:: html :ref:`508_tcp_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/ddos/zone-template/tcp .. raw:: html :ref:`508_tcp_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/zone-template/tcp/{name} .. raw:: html :ref:`508_tcp_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/ddos/zone-template/tcp .. raw:: html :ref:`508_tcp_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/zone-template/tcp/{name} .. raw:: html :ref:`508_tcp_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/zone-template/tcp/{name} .. raw:: html :ref:`508_tcp_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/ddos/zone-template/tcp .. raw:: html :ref:`508_tcp_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/zone-template/tcp/{name} .. raw:: html :ref:`508_tcp_attributes` .. raw:: html
.. _508_tcp_list: tcp-list -------- tcp-list is **JSON List** of :ref:`508_tcp_attributes` tcp-list : [ { :ref:`508_tcp_attributes` }, { :ref:`508_tcp_attributes` }, ... ] .. _508_tcp_attributes: tcp attributes -------------- **ack-authentication** **Description:** ack-authentication is a **JSON Block**. Please see below for :ref:`508_ack-authentication` **Type:** Object **ack-authentication-synack-reset** **Description** Reset client TCP SYN+ACK for authentication (DST support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **action-on-ack-rto-retry-count** **Description** Take action if ack-auth RTO-authentication fail over retry time(default:5) **Type:** number **Range:** 2-10 **action-on-syn-rto-retry-count** **Description** Take action if syn-auth RTO-authentication fail over retry time(default:5) **Type:** number **Range:** 2-10 **age** **Description** Session age in minutes **Type:** number **Range:** 1-63 **Default:** 2 **allow-syn-otherflags** **Description** Treat TCP SYN+PSH as a TCP SYN (DST tcp ports support only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-synack-skip-authentications** **Description** Allow create sessions on SYNACK without syn-auth and ack-auth (ASYM Mode only) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **allow-tcp-tfo** **Description** Allow TCP Fast Open **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **conn-rate-limit-on-syn-only** **Description** Only count SYN-initiated connections towards connection-rate tracking **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **create-conn-on-syn-only** **Description** Enable connection establishment on SYN only **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **dst** **Description:** dst is a **JSON Block**. Please see below for :ref:`508_dst` **Type:** Object **filter-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/zone-template/tcp/{name}/filter/{tcp-filter-name} ` **known-resp-src-port-cfg** **Description:** known-resp-src-port-cfg is a **JSON Block**. Please see below for :ref:`508_known-resp-src-port-cfg` **Type:** Object **name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **out-of-seq-cfg** **Description:** out-of-seq-cfg is a **JSON Block**. Please see below for :ref:`508_out-of-seq-cfg` **Type:** Object **per-conn-out-of-seq-rate-cfg** **Description:** per-conn-out-of-seq-rate-cfg is a **JSON Block**. Please see below for :ref:`508_per-conn-out-of-seq-rate-cfg` **Type:** Object **per-conn-pkt-rate-cfg** **Description:** per-conn-pkt-rate-cfg is a **JSON Block**. Please see below for :ref:`508_per-conn-pkt-rate-cfg` **Type:** Object **per-conn-rate-interval** **Description** '100ms': 100ms; '1sec': 1sec; '10sec': 10sec; **Type:** string **Supported Values:** 100ms, 1sec, 10sec **Default:** 1sec **per-conn-retransmit-rate-cfg** **Description:** per-conn-retransmit-rate-cfg is a **JSON Block**. Please see below for :ref:`508_per-conn-retransmit-rate-cfg` **Type:** Object **per-conn-zero-win-rate-cfg** **Description:** per-conn-zero-win-rate-cfg is a **JSON Block**. Please see below for :ref:`508_per-conn-zero-win-rate-cfg` **Type:** Object **retransmit-cfg** **Description:** retransmit-cfg is a **JSON Block**. Please see below for :ref:`508_retransmit-cfg` **Type:** Object **src** **Description:** src is a **JSON Block**. Please see below for :ref:`508_src` **Type:** Object **syn-authentication** **Description:** syn-authentication is a **JSON Block**. Please see below for :ref:`508_syn-authentication` **Type:** Object **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **synack-rate-limit** **Description** Config SYNACK rate limit **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** synack-rate-limit and track-together-with-syn are mutually exclusive **track-together-with-syn** **Description** SYNACK will be counted in Dst Syn-rate limit **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **Mutual Exclusion:** track-together-with-syn and synack-rate-limit are mutually exclusive **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zero-win-cfg** **Description:** zero-win-cfg is a **JSON Block**. Please see below for :ref:`508_zero-win-cfg` **Type:** Object .. _508_syn-authentication: syn-authentication ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client (Applicable to retransmit-check only); **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** syn-auth-fail-action and syn-auth-fail-action-list-name are mutually exclusive **syn-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** syn-auth-fail-action-list-name and syn-auth-fail-action are mutually exclusive **syn-auth-min-delay** **Description** Minimum delay (in 100ms intervals) between SYN retransmits for retransmit-check to pass **Type:** number **Range:** 1-80 **Mutual Exclusion:** syn-auth-min-delay and syn-auth-type are mutually exclusive **syn-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** syn-auth-pass-action and syn-auth-pass-action-list-name are mutually exclusive **syn-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** syn-auth-pass-action-list-name and syn-auth-pass-action are mutually exclusive **syn-auth-rto** **Description** Estimate the RTO and apply the exponential back-off for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth-timeout** **Description** syn retransmit timeout in seconds(default timeout: 5 seconds) **Type:** number **Range:** 1-31 **Mutual Exclusion:** syn-auth-timeout and syn-auth-type are mutually exclusive **syn-auth-type** **Description** 'send-rst': Send reset to client after syn cookie check pass; 'force-rst-by-ack': Send client a bad ack after syn cookie check pass; 'force-rst-by-synack': Send client a bad synack after syn cookie check pass; 'send-rst-all': Send RST to client for all auth attempts; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, send-rst-all **Mutual Exclusion:** syn-auth-type, syn-auth-timeout, and syn-auth-min-delay are mutually exclusive .. _508_ack-authentication: ack-authentication ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **ack-auth-fail-action** **Description** 'drop': Drop packets (Default); 'blacklist-src': Blacklist-src; 'reset': Send reset to client; **Type:** string **Supported Values:** drop, blacklist-src, reset **Mutual Exclusion:** ack-auth-fail-action and ack-auth-fail-action-list-name are mutually exclusive **ack-auth-fail-action-list-name** **Description** Configure action-list to take for failing the authentication. **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ack-auth-fail-action-list-name and ack-auth-fail-action are mutually exclusive **ack-auth-min-delay** **Description** Minimum delay (in 100ms intervals) between ACK retransmits for retransmit-check to pass **Type:** number **Range:** 1-80 **ack-auth-only** **Description** Apply retransmit-check only once per source address for authentication purpose **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ack-auth-pass-action** **Description** 'authenticate-src': authenticate-src (Default); **Type:** string **Supported Values:** authenticate-src **Mutual Exclusion:** ack-auth-pass-action and ack-auth-pass-action-list-name are mutually exclusive **ack-auth-pass-action-list-name** **Description** Configure action-list to take for passing the authentication **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** ack-auth-pass-action-list-name and ack-auth-pass-action are mutually exclusive **ack-auth-rto** **Description** Estimate the RTO and apply the exponential back-off for authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ack-auth-timeout** **Description** ack retransmit timeout in seconds(default timeout: 5 seconds) **Type:** number **Range:** 1-31 .. _508_per-conn-out-of-seq-rate-cfg: per-conn-out-of-seq-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-out-of-seq-rate-action** **Description** 'drop': Drop packets for out-of-seq rate exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq rate exceed; 'ignore': help Ignore out-of-seq rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-out-of-seq-rate-action and per-conn-out-of-seq-rate-action-list-name are mutually exclusive **per-conn-out-of-seq-rate-action-list-name** **Description** Configure action-list to take for out-of-seq rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-out-of-seq-rate-action-list-name and per-conn-out-of-seq-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-out-of-seq-rate-limit** **Description** Take action if out-of-seq pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-out-of-seq-rate-limit and out-of-seq are mutually exclusive .. _508_dst: dst ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`508_dst_rate-limit` **Type:** Object .. _508_dst_rate-limit: dst_rate-limit ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-rate-limit** **Description:** syn-rate-limit is a **JSON Block**. Please see below for :ref:`508_dst_rate-limit_syn-rate-limit` **Type:** Object .. _508_dst_rate-limit_syn-rate-limit: dst_rate-limit_syn-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-syn-rate-action** **Description** 'drop': Drop packets for syn-rate exceed (Default); 'ignore': Ignore syn-rate-exceed; **Type:** string **Supported Values:** drop, ignore **Default:** drop **dst-syn-rate-limit** **Description** **Type:** number **Range:** 1-16000000 .. _508_per-conn-retransmit-rate-cfg: per-conn-retransmit-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-retransmit-rate-action** **Description** 'drop': Drop packets for retrans rate exceed (Default); 'blacklist-src': help Blacklist-src for retrans rate exceed; 'ignore': help Ignore retrans rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-retransmit-rate-action and per-conn-retransmit-rate-action-list-name are mutually exclusive **per-conn-retransmit-rate-action-list-name** **Description** Configure action-list to take for retransmit rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-retransmit-rate-action-list-name and per-conn-retransmit-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-retransmit-rate-limit** **Description** Take action if retransmit pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-retransmit-rate-limit and retransmit are mutually exclusive .. _508_per-conn-zero-win-rate-cfg: per-conn-zero-win-rate-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-zero-win-rate-action** **Description** 'drop': Drop packets for zero-win rate exceed (Default); 'blacklist-src': help Blacklist-src for zero-win rate exceed; 'ignore': Ignore zero-win rate exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-zero-win-rate-action and per-conn-zero-win-rate-action-list-name are mutually exclusive **per-conn-zero-win-rate-action-list-name** **Description** Configure action-list to take for zero window rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-zero-win-rate-action-list-name and per-conn-zero-win-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-zero-win-rate-limit** **Description** Take action if zero window pkt rate exceed configured threshold **Type:** number **Range:** 1-16000000 **Mutual Exclusion:** per-conn-zero-win-rate-limit and zero-win are mutually exclusive .. _508_per-conn-pkt-rate-cfg: per-conn-pkt-rate-cfg ^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **per-conn-pkt-rate-action** **Description** 'drop': Drop packets for per-conn-pkt-rate exceed (Default); 'blacklist-src': help Blacklist-src for per-conn-pkt-rate exceed; 'ignore': Ignore per-conn-pkt-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** per-conn-pkt-rate-action and per-conn-pkt-rate-action-list-name are mutually exclusive **per-conn-pkt-rate-action-list-name** **Description** Configure action-list to take for per-conn-pkt-rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** per-conn-pkt-rate-action-list-name and per-conn-pkt-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **per-conn-pkt-rate-limit** **Description** Packet rate limit per connection per rate-interval **Type:** number **Range:** 1-16000000 .. _508_retransmit-cfg: retransmit-cfg ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **retransmit** **Description** Take action if retransmit pkts exceed configured threshold **Type:** number **Range:** 1-64000 **Mutual Exclusion:** retransmit and per-conn-retransmit-rate-limit are mutually exclusive **retransmit-action** **Description** 'drop': Drop packets for retrans exceed (Default); 'blacklist-src': help Blacklist-src for retrans exceed; 'ignore': help Ignore retrans exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** retransmit-action and retransmit-action-list-name are mutually exclusive **retransmit-action-list-name** **Description** Configure action-list to take for retransmit exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** retransmit-action-list-name and retransmit-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _508_src: src ^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **rate-limit** **Description:** rate-limit is a **JSON Block**. Please see below for :ref:`508_src_rate-limit` **Type:** Object .. _508_src_rate-limit: src_rate-limit ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **syn-rate-limit** **Description:** syn-rate-limit is a **JSON Block**. Please see below for :ref:`508_src_rate-limit_syn-rate-limit` **Type:** Object .. _508_src_rate-limit_syn-rate-limit: src_rate-limit_syn-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-syn-rate-action** **Description** 'drop': Drop packets for syn-rate exceed (Default); 'blacklist-src': Blacklist-src for syn-rate exceed; 'ignore': Ignore syn-rate-exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** src-syn-rate-action and src-syn-rate-action-list-name are mutually exclusive **src-syn-rate-action-list-name** **Description** Configure action-list to take for syn-rate exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** src-syn-rate-action-list-name and src-syn-rate-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **src-syn-rate-limit** **Description** **Type:** number **Range:** 1-16000000 .. _508_filter-list: filter-list ^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **byte-offset-filter** **Description** Filter using Berkeley Packet Filter syntax **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-action** **Description** 'drop': Drop packets (Default); 'ignore': Take no action; 'blacklist-src': Blacklist-src; 'authenticate-src': Authenticate-src; **Type:** string **Supported Values:** drop, ignore, blacklist-src, authenticate-src **Default:** drop **Mutual Exclusion:** tcp-filter-action and tcp-filter-action-list-name are mutually exclusive **tcp-filter-action-list-name** **Description** Configure action-list to take **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** tcp-filter-action-list-name and tcp-filter-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` **tcp-filter-inverse-match** **Description** Inverse the result of the matching **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-filter-name** **Description** **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **tcp-filter-regex** **Description** Regex Expression **Type:** string **Format:** string-rlx **Maximum Length:** 1275 characters **Maximum Length:** 1 characters **tcp-filter-seq** **Description** Sequence number **Type:** number **Range:** 1-200 **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _508_known-resp-src-port-cfg: known-resp-src-port-cfg ^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exclude-src-resp-port** **Description** Exclude src port equal to dst port **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port** **Description** Take action if src-port is less than 1024 **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **known-resp-src-port-action** **Description** 'drop': Drop packets from well-known src-port(Default); 'blacklist-src': Blacklist-src from well-known src-port; 'ignore': Ignore well-known src-port; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Mutual Exclusion:** known-resp-src-port-action and known-resp-src-port-action-list-name are mutually exclusive **known-resp-src-port-action-list-name** **Description** Configure action-list to take for well-known src-port **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** known-resp-src-port-action-list-name and known-resp-src-port-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _508_zero-win-cfg: zero-win-cfg ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **zero-win** **Description** Take action if zero window pkts exceed configured threshold **Type:** number **Range:** 1-250 **Mutual Exclusion:** zero-win and per-conn-zero-win-rate-limit are mutually exclusive **zero-win-action** **Description** 'drop': Drop packets for zero-win exceed (Default); 'blacklist-src': help Blacklist-src for zero-win exceed; 'ignore': Ignore zero-win exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** zero-win-action and zero-win-action-list-name are mutually exclusive **zero-win-action-list-name** **Description** Configure action-list to take for zero window exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** zero-win-action-list-name and zero-win-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list ` .. _508_out-of-seq-cfg: out-of-seq-cfg ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **out-of-seq** **Description** Take action if out-of-seq pkts exceed configured threshold **Type:** number **Range:** 1-64000 **Mutual Exclusion:** out-of-seq and per-conn-out-of-seq-rate-limit are mutually exclusive **out-of-seq-action** **Description** 'drop': Drop packets for out-of-seq exceed (Default); 'blacklist-src': help Blacklist-src for out-of-seq exceed; 'ignore': help Ignore out-of-seq exceed; **Type:** string **Supported Values:** drop, blacklist-src, ignore **Default:** drop **Mutual Exclusion:** out-of-seq-action and out-of-seq-action-list-name are mutually exclusive **out-of-seq-action-list-name** **Description** Configure action-list to take for out-of-seq exceed **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Mutual Exclusion:** out-of-seq-action-list-name and out-of-seq-action are mutually exclusive **Reference Object:** :doc:`/axapi/v3/ddos/action-list `