.. _ddos_dst_default: ddos dst default ================ Configure IP/IPv6 default entry default Specification --------------------- ===================================== ================================================================================ **Parameter** **Value** ===================================== ================================================================================ **Type** *Collection* **Object Key(s)** *default-address-type* **Collection Name** :ref:`706_default_list` **Collection URI** /axapi/v3/ddos/dst/default **Element Name** default **Element URI** /axapi/v3/ddos/dst/default/{default-address-type} **Element Attributes** default_attributes **Partition Visibility** shared **Schema** :download:`default schema ` ===================================== ================================================================================ **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/default .. raw:: html :ref:`706_default_attributes` .. raw:: html
Create List .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/default .. raw:: html :ref:`706_default_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ddos/dst/default/{default-address-type} .. raw:: html :ref:`706_default_attributes` .. raw:: html
Get List .. raw:: html GET .. raw:: html /axapi/v3/ddos/dst/default .. raw:: html :ref:`706_default_list` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ddos/dst/default/{default-address-type} .. raw:: html :ref:`706_default_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ddos/dst/default/{default-address-type} .. raw:: html :ref:`706_default_attributes` .. raw:: html
Replace List .. raw:: html PUT .. raw:: html /axapi/v3/ddos/dst/default .. raw:: html :ref:`706_default_list` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ddos/dst/default/{default-address-type} .. raw:: html :ref:`706_default_attributes` .. raw:: html
.. _706_default_list: default-list ------------ default-list is **JSON List** of :ref:`706_default_attributes` default-list : [ { :ref:`706_default_attributes` }, { :ref:`706_default_attributes` }, ... ] .. _706_default_attributes: default attributes ------------------ **age** **Description** Idle age for ip entry **Type:** number **Range:** 5-1023 **apply-policy-on-overflow** **Description** Enable this flag to apply overflow policy when dynamic entry count overflows **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **default-address-type** **Description** 'ip': ip; 'ipv6': ipv6; **Type:** string **Supported Values:** ip, ipv6 **deny** **Description** Blacklist and Drop all incoming packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable** **Description** Disable **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable** **Description** Disable certain drops during packet processing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-disable-fwd-immediate** **Description** Immediately forward L4 drops **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **exceed-log-cfg** **Description:** exceed-log-cfg is a **JSON Block**. Please see below for :ref:`706_exceed-log-cfg` **Type:** Object **exceed-log-dep-cfg** **Description:** exceed-log-dep-cfg is a **JSON Block**. Please see below for :ref:`706_exceed-log-dep-cfg` **Type:** Object **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **inbound-forward-dscp** **Description** To set dscp value for inbound packets (DSCP Value for the clear traffic marking) **Type:** number **Range:** 1-63 **ip-proto-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/ip-proto/{port-num} ` **l4-type-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/l4-type/{protocol} ` **log-periodic** **Description** Enable periodic log while event is continuing **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **max-dynamic-entry-count** **Description** Maximum count for dynamic dst entry **Type:** number **Range:** 0-2147483647 **outbound-forward-dscp** **Description** To set dscp value for outbound **Type:** number **Range:** 1-63 **port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/port/{port-num}+{protocol} ` **src-port-list** **Type:** List **Reference Object:** :doc:`/axapi/v3/ddos/dst/default/{default-address-type}/src-port/{port-num}+{protocol} ` **template** **Description:** template is a **JSON Block**. Please see below for :ref:`706_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _706_port-list: port-list ^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'dns-tcp': dns-tcp; 'dns-udp': dns-udp; 'http': http; 'tcp': tcp; 'udp': udp; 'ssl-l4': ssl-l4; 'sip-udp': sip-udp; 'sip-tcp': sip-tcp; **Type:** string **Supported Values:** dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`706_port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _706_port-list_template: port-list_template ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dns** **Description** DDOS dns template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **http** **Description** DDOS http template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **sip** **Description** DDOS sip template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **ssl-l4** **Description** DDOS ssl-l4 template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **tcp** **Description** DDOS tcp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **udp** **Description** DDOS udp template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _706_template: template ^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **logging** **Description** DDOS logging template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _706_l4-type-list: l4-type-list ^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **disable-syn-auth** **Description** Disable TCP SYN Authentication **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-frag-pkt** **Description** Drop fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **drop-on-no-port-match** **Description** 'disable': disable; 'enable': enable; **Type:** string **Supported Values:** disable, enable **Default:** enable **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **max-rexmit-syn-per-flow** **Description** Maximum number of re-transmit SYN per flow. Exceed action set to Drop **Type:** number **Range:** 1-6 **protocol** **Description** 'tcp': tcp; 'udp': udp; 'icmp': icmp; 'other': other; **Type:** string **Supported Values:** tcp, udp, icmp, other **stateful** **Description** Enable stateful tracking of sessions (Default is stateless) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **syn-auth** **Description** 'send-rst': Send RST to client upon client ACK; 'force-rst-by-ack': Force client RST via the use of ACK; 'force-rst-by-synack': Force client RST via the use of bad SYN|ACK; 'disable': Disable TCP SYN Authentication; **Type:** string **Supported Values:** send-rst, force-rst-by-ack, force-rst-by-synack, disable **Default:** send-rst **syn-cookie** **Description** Enable SYN Cookie **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-client** **Description** Send reset to client when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-reset-server** **Description** Send reset to server when rate exceeds or session ages out **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tunnel-decap** **Description:** tunnel-decap is a **JSON Block**. Please see below for :ref:`706_l4-type-list_tunnel-decap` **Type:** Object **tunnel-rate-limit** **Description:** tunnel-rate-limit is a **JSON Block**. Please see below for :ref:`706_l4-type-list_tunnel-rate-limit` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _706_l4-type-list_tunnel-rate-limit: l4-type-list_tunnel-rate-limit ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-rate-limit** **Description** Enable inner IP rate limiting on GRE traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-rate-limit** **Description** Enable inner IP rate limiting on IPinIP traffic **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _706_l4-type-list_tunnel-decap: l4-type-list_tunnel-decap ^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **gre-decap** **Description** Enable GRE Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-decap** **Description** Enable IP Tunnel decapsulation **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **key-cfg** **Type:** List .. _706_l4-type-list_tunnel-decap_key-cfg: l4-type-list_tunnel-decap_key-cfg ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **key** **Description** Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295) **Type:** string **Maximum Length:** 10 characters **Maximum Length:** 1 characters .. _706_src-port-list: src-port-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Port Number **Type:** number **Range:** 0-65535 **protocol** **Description** 'udp': udp; 'tcp': tcp; **Type:** string **Supported Values:** udp, tcp **template** **Description:** template is a **JSON Block**. Please see below for :ref:`706_src-port-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _706_src-port-list_template: src-port-list_template ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **src-tcp** **Description** DDOS tcp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters **src-udp** **Description** DDOS udp src template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _706_ip-proto-list: ip-proto-list ^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **deny** **Description** Blacklist and Drop all incoming packets for protocol **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **glid** **Description** Global limit ID **Type:** string **Format:** string-rlx **Maximum Length:** 63 characters **Maximum Length:** 1 characters **Reference Object:** :doc:`/axapi/v3/glid ` **port-num** **Description** Protocol Number **Type:** number **Range:** 0-255 **template** **Description:** template is a **JSON Block**. Please see below for :ref:`706_ip-proto-list_template` **Type:** Object **user-tag** **Description** Customized tag **Type:** string **Format:** string-rlx **Maximum Length:** 127 characters **Maximum Length:** 1 characters **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters .. _706_ip-proto-list_template: ip-proto-list_template ^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **other** **Description** DDOS other template **Type:** string **Format:** string-rlx **Maximum Length:** 128 characters **Maximum Length:** 1 characters .. _706_exceed-log-cfg: exceed-log-cfg ^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **log-enable** **Description** Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **with-sflow-sample** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _706_exceed-log-dep-cfg: exceed-log-dep-cfg ^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **exceed-log-enable** **Description** (Deprecated)Enable logging of limit exceed drop's **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **log-with-sflow-dep** **Description** Turn on sflow sample with log **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0