.. _ip_anomaly_drop: ip anomaly-drop =============== Set IP anomaly drop policy anomaly-drop Specification -------------------------- ===================================== ======================================================== **Parameter** **Value** ===================================== ======================================================== **Type** *Configuration Resource* **Element Name** anomaly-drop **Element URI** /axapi/v3/ip/anomaly-drop **Element Attributes** anomaly-drop_attributes **Partition Visibility** shared **Statistics Data URI** /axapi/v3/ip/anomaly-drop/stats **Schema** :download:`anomaly-drop schema ` ===================================== ======================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2017_anomaly-drop_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2017_anomaly-drop_attributes` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2017_anomaly-drop_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2017_anomaly-drop_attributes` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2017_anomaly-drop_attributes` .. raw:: html
.. _2017_anomaly-drop_attributes: anomaly-drop attributes ----------------------- **bad-content** **Description** bad content threshold (threshold value) **Type:** number **Range:** 1-127 **drop-all** **Description** drop all IP anomaly packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **frag** **Description** drop all fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-option** **Description** drop packets with IP options **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **land-attack** **Description** drop IP packets with the same source and destination addresses **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **out-of-sequence** **Description** out of sequence packet threshold (threshold value) **Type:** number **Range:** 1-127 **packet-deformity** **Description:** packet-deformity is a **JSON Block**. Please see below for :ref:`2017_packet-deformity` **Type:** Object **ping-of-death** **Description** drop oversize ICMP packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **security-attack** **Description:** security-attack is a **JSON Block**. Please see below for :ref:`2017_security-attack` **Type:** Object **tcp-no-flag** **Description** drop TCP packets with no flag **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-syn-fin** **Description** drop TCP packets with both syn and fin flags set **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-syn-frag** **Description** drop fragmented TCP packets with syn flag set **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zero-window** **Description** zero window size threshold (threshold value) **Type:** number **Range:** 1-127 .. _2017_security-attack: security-attack ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **security-attack-layer-3** **Description** drop packets with layer 3 anomaly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **security-attack-layer-4** **Description** drop packets with layer 4 anomaly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2017_packet-deformity: packet-deformity ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **packet-deformity-layer-3** **Description** drop packets with layer 3 anomaly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **packet-deformity-layer-4** **Description** drop packets with layer 4 anomaly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2017_sampling-enable: sampling-enable ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'land': Land Attack Drop; 'emp_frg': Empty Fragment Drop; 'emp_mic_frg': Micro Fragment Drop; 'opt': IPv4 Options Drop; 'frg': IPv4 Fragment Drop; 'bad_ip_hdrlen': Bad IP Header Len Drop; 'bad_ip_flg': Bad IP Flags Drop; 'bad_ip_ttl': Bad IP TTL Drop; 'no_ip_payload': No IP Payload drop; 'over_ip_payload': Oversize IP Payload Drop; 'bad_ip_payload_len': Bad IP Payload Len Drop; 'bad_ip_frg_offset': Bad IP Fragment Offset Drop; 'csum': Bad IP Checksum Drop; 'pod': ICMP Ping of Death Drop; 'bad_tcp_urg_offset': TCP Bad Urgent Offset Drop; 'tcp_sht_hdr': TCP Short Header Drop; 'tcp_bad_iplen': TCP Bad IP Length Drop; 'tcp_null_frg': TCP Null Flags Drop; 'tcp_null_scan': TCP Null Scan Drop; 'tcp_syn_fin': TCP Syn and Fin Drop; 'tcp_xmas': TCP XMAS Flags Drop; 'tcp_xmas_scan': TCP XMAS Scan Drop; 'tcp_syn_frg': TCP Syn Fragment Drop; 'tcp_frg_hdr': TCP Fragmented Header Drop; 'tcp_bad_csum': TCP Bad Checksum Drop; 'udp_srt_hdr': UDP Short Header Drop; 'udp_bad_len': UDP Bad Length Drop; 'udp_kerb_frg': UDP Kerberos Fragment Drop; 'udp_port_lb': UDP Port Loopback Drop; 'udp_bad_csum': UDP Bad Checksum Drop; 'runt_ip_hdr': Runt IP Header Drop; 'runt_tcp_udp_hdr': Runt TCP/UDP Header Drop; 'ipip_tnl_msmtch': IP-over-IP Tunnel Mismatch Drop; 'tcp_opt_err': TCP Option Error Drop; 'ipip_tnl_err': IP-over-IP Tunnel Error Drop; 'vxlan_err': VXLAN Tunnel Error Drop; 'nvgre_err': GRE Tunnel Error Drop; 'gre_pptp_err': GRE PPTP Error Drop; **Type:** string **Supported Values:** all, land, emp_frg, emp_mic_frg, opt, frg, bad_ip_hdrlen, bad_ip_flg, bad_ip_ttl, no_ip_payload, over_ip_payload, bad_ip_payload_len, bad_ip_frg_offset, csum, pod, bad_tcp_urg_offset, tcp_sht_hdr, tcp_bad_iplen, tcp_null_frg, tcp_null_scan, tcp_syn_fin, tcp_xmas, tcp_xmas_scan, tcp_syn_frg, tcp_frg_hdr, tcp_bad_csum, udp_srt_hdr, udp_bad_len, udp_kerb_frg, udp_port_lb, udp_bad_csum, runt_ip_hdr, runt_tcp_udp_hdr, ipip_tnl_msmtch, tcp_opt_err, ipip_tnl_err, vxlan_err, nvgre_err, gre_pptp_err