.. _ip_anomaly_drop: ip anomaly-drop =============== Set IP anomaly drop policy anomaly-drop Specification -------------------------- ===================================== ======================================================== **Parameter** **Value** ===================================== ======================================================== **Type** *Configuration Resource* **Element Name** anomaly-drop **Element URI** /axapi/v3/ip/anomaly-drop **Element Attributes** anomaly-drop_attributes **Partition Visibility** shared **Statistics Data URI** /axapi/v3/ip/anomaly-drop/stats **Schema** :download:`anomaly-drop schema ` ===================================== ======================================================== **Operations Allowed:** .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html .. raw:: html
OperationMethodURIPayload
Create Object .. raw:: html POST .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2053_anomaly-drop_attributes` .. raw:: html
Get Object .. raw:: html GET .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2053_anomaly-drop_attributes` .. raw:: html
Modify Object .. raw:: html POST .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2053_anomaly-drop_attributes` .. raw:: html
Replace Object .. raw:: html PUT .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2053_anomaly-drop_attributes` .. raw:: html
Delete Object .. raw:: html DELETE .. raw:: html /axapi/v3/ip/anomaly-drop .. raw:: html :ref:`2053_anomaly-drop_attributes` .. raw:: html
.. _2053_anomaly-drop_attributes: anomaly-drop attributes ----------------------- **bad-content** **Description** bad content threshold (threshold value) **Type:** number **Range:** 1-127 **drop-all** **Description** drop all IP anomaly packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **frag** **Description** drop all fragmented packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ip-option** **Description** drop packets with IP options **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-ext-header** **Description:** ipv6-ext-header is a **JSON Block**. Please see below for :ref:`2053_ipv6-ext-header` **Type:** Object **land-attack** **Description** drop IP packets with the same source and destination addresses **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **out-of-sequence** **Description** out of sequence packet threshold (threshold value) **Type:** number **Range:** 1-127 **packet-deformity** **Description:** packet-deformity is a **JSON Block**. Please see below for :ref:`2053_packet-deformity` **Type:** Object **ping-of-death** **Description** drop oversize ICMP packets **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **sampling-enable** **Type:** List **security-attack** **Description:** security-attack is a **JSON Block**. Please see below for :ref:`2053_security-attack` **Type:** Object **tcp-no-flag** **Description** drop TCP packets with no flag **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-syn-fin** **Description** drop TCP packets with both syn and fin flags set **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **tcp-syn-frag** **Description** drop fragmented TCP packets with syn flag set **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **uuid** **Description** uuid of the object **Type:** string **Maximum Length:** 64 characters **Maximum Length:** 1 characters **zero-window** **Description** zero window size threshold (threshold value) **Type:** number **Range:** 1-127 .. _2053_security-attack: security-attack ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **security-attack-layer-3** **Description** drop packets with layer 3 anomaly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **security-attack-layer-4** **Description** drop packets with layer 4 anomaly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2053_packet-deformity: packet-deformity ^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **packet-deformity-layer-3** **Description** drop packets with layer 3 anomaly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **packet-deformity-layer-4** **Description** drop packets with layer 4 anomaly **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 .. _2053_sampling-enable: sampling-enable ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **counters1** **Description** 'all': all; 'land': Land Attack Drop; 'emp_frg': Empty Fragment Drop; 'emp_mic_frg': Micro Fragment Drop; 'opt': IPv4 Options Drop; 'frg': IPv4 Fragment Drop; 'bad_ip_hdrlen': Bad IP Header Len Drop; 'bad_ip_flg': Bad IP Flags Drop; 'bad_ip_ttl': Bad IP TTL Drop; 'no_ip_payload': No IP Payload drop; 'over_ip_payload': Oversize IP Payload Drop; 'bad_ip_payload_len': Bad IP Payload Len Drop; 'bad_ip_frg_offset': Bad IP Fragment Offset Drop; 'csum': Bad IP Checksum Drop; 'pod': ICMP Ping of Death Drop; 'bad_tcp_urg_offset': TCP Bad Urgent Offset Drop; 'tcp_sht_hdr': TCP Short Header Drop; 'tcp_bad_iplen': TCP Bad IP Length Drop; 'tcp_null_frg': TCP Null Flags Drop; 'tcp_null_scan': TCP Null Scan Drop; 'tcp_syn_fin': TCP Syn and Fin Drop; 'tcp_xmas': TCP XMAS Flags Drop; 'tcp_xmas_scan': TCP XMAS Scan Drop; 'tcp_syn_frg': TCP Syn Fragment Drop; 'tcp_frg_hdr': TCP Fragmented Header Drop; 'tcp_bad_csum': TCP Bad Checksum Drop; 'udp_srt_hdr': UDP Short Header Drop; 'udp_bad_len': UDP Bad Length Drop; 'udp_kerb_frg': UDP Kerberos Fragment Drop; 'udp_port_lb': UDP Port Loopback Drop; 'udp_bad_csum': UDP Bad Checksum Drop; 'runt_ip_hdr': Runt IP Header Drop; 'runt_tcp_udp_hdr': Runt TCP/UDP Header Drop; 'ipip_tnl_msmtch': IP-over-IP Tunnel Mismatch Drop; 'tcp_opt_err': TCP Option Error Drop; 'ipip_tnl_err': IP-over-IP Tunnel Error Drop; 'vxlan_err': VXLAN Tunnel Error Drop; 'nvgre_err': GRE Tunnel Error Drop; 'gre_pptp_err': GRE PPTP Error Drop; **Type:** string **Supported Values:** all, land, emp_frg, emp_mic_frg, opt, frg, bad_ip_hdrlen, bad_ip_flg, bad_ip_ttl, no_ip_payload, over_ip_payload, bad_ip_payload_len, bad_ip_frg_offset, csum, pod, bad_tcp_urg_offset, tcp_sht_hdr, tcp_bad_iplen, tcp_null_frg, tcp_null_scan, tcp_syn_fin, tcp_xmas, tcp_xmas_scan, tcp_syn_frg, tcp_frg_hdr, tcp_bad_csum, udp_srt_hdr, udp_bad_len, udp_kerb_frg, udp_port_lb, udp_bad_csum, runt_ip_hdr, runt_tcp_udp_hdr, ipip_tnl_msmtch, tcp_opt_err, ipip_tnl_err, vxlan_err, nvgre_err, gre_pptp_err, ipv6_eh_hbh, ipv6_eh_dest, ipv6_eh_routing, ipv6_eh_frag, ipv6_eh_ah, ipv6_eh_esp, ipv6_eh_mobility, ipv6_eh_none, ipv6_eh_other, ipv6_eh_malformed .. _2053_ipv6-ext-header: ipv6-ext-header ^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *object* =============================== =================================================== **dst-option-list** **Type:** List **hbh-option-list** **Type:** List **ipv6-eh-auth** **Description** Filter authentication extension header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-eh-dest** **Description** Filter destination extension header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-eh-esp** **Description** Filter ESP extension header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-eh-frag** **Description** Filter fragmentation extension header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-eh-hbh** **Description** Filter hop by hop extension header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-eh-malformed** **Description** Filter malformed extension headers (check for order and occurrences) **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-eh-mobility** **Description** Filter mobility extension header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-eh-nonext** **Description** Filter no-next-header extension header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **ipv6-eh-routing** **Description** Filter routing extension header **Type:** boolean **Supported Values:** true, false, 1, 0 **Default:** 0 **routing-option-list** **Type:** List **unknown-ext-header-list** **Type:** List .. _2053_ipv6-ext-header_routing-option-list: ipv6-ext-header_routing-option-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **routing-otype-from** **Description** Filter routing header option type (Option type value) **Type:** number **routing-otype-to** **Description** Option type range end **Type:** number .. _2053_ipv6-ext-header_dst-option-list: ipv6-ext-header_dst-option-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **dst-otype-from** **Description** Filter destination header option type (Option type value) **Type:** number **dst-otype-to** **Description** Option type range end **Type:** number .. _2053_ipv6-ext-header_hbh-option-list: ipv6-ext-header_hbh-option-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **hbh-otype-from** **Description** Filter hop by hop option type (Option type value) **Type:** number **hbh-otype-to** **Description** Option type range end **Type:** number .. _2053_ipv6-ext-header_unknown-ext-header-list: ipv6-ext-header_unknown-ext-header-list ^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^^ =============================== =================================================== **Specification** **Value** =============================== =================================================== **Type** *list* **Block object keys** =============================== =================================================== **eh-type-from** **Description** Filter unknown extension header (eh) type (Extension header type value) **Type:** number **eh-type-to** **Description** Extension header type range end **Type:** number