ddos dst default¶
Configure IP/IPv6 default entry
default Specification¶
Parameter Value Type Collection Object Key(s) default-address-type Collection Name default-list Collection URI /axapi/v3/ddos/dst/default Element Name default Element URI /axapi/v3/ddos/dst/default/{default-address-type} Element Attributes default_attributes Partition Visibility shared Schema default schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/dst/default | ||
Create List | POST | /axapi/v3/ddos/dst/default | ||
Get Object | GET | /axapi/v3/ddos/dst/default/{default-address-type} | ||
Get List | GET | /axapi/v3/ddos/dst/default | ||
Modify Object | POST | /axapi/v3/ddos/dst/default/{default-address-type} | ||
Replace Object | PUT | /axapi/v3/ddos/dst/default/{default-address-type} | ||
Replace List | PUT | /axapi/v3/ddos/dst/default | ||
Delete Object | DELETE | /axapi/v3/ddos/dst/default/{default-address-type} | ||
default-list¶
default-list is JSON List of default attributes
default-list : [
]
default attributes¶
age
Description Idle age for ip entry
Type: number
Range: 5-1023
apply-policy-on-overflow
Description Enable this flag to apply overflow policy when dynamic entry count overflows
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
default-address-type
Description ‘ip’: ip; ‘ipv6’: ipv6;
Type: string
Supported Values: ip, ipv6
deny
Description Blacklist and Drop all incoming packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable
Description Disable
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable
Description Disable certain drops during packet processing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-disable-fwd-immediate
Description Immediately forward L4 drops
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-cfg
Description: exceed-log-cfg is a JSON Block. Please see below for exceed-log-cfg
Type: Object
exceed-log-dep-cfg
Description: exceed-log-dep-cfg is a JSON Block. Please see below for exceed-log-dep-cfg
Type: Object
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
inbound-forward-dscp
Description To set dscp value for inbound packets (DSCP Value for the clear traffic marking)
Type: number
Range: 1-63
ip-proto-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/ip-proto/{port-num}
l4-type-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/l4-type/{protocol}
log-periodic
Description Enable periodic log while event is continuing
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
max-dynamic-entry-count
Description Maximum count for dynamic dst entry
Type: number
Range: 0-2147483647
outbound-forward-dscp
Description To set dscp value for outbound
Type: number
Range: 1-63
port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/port/{port-num}+{protocol}
src-port-list
Type: List
Reference Object: /axapi/v3/ddos/dst/default/{default-address-type}/src-port/{port-num}+{protocol}
template
Description: template is a JSON Block. Please see below for template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘dns-tcp’: dns-tcp; ‘dns-udp’: dns-udp; ‘http’: http; ‘tcp’: tcp; ‘udp’: udp; ‘ssl-l4’: ssl-l4; ‘sip-udp’: sip-udp; ‘sip-tcp’: sip-tcp;
Type: string
Supported Values: dns-tcp, dns-udp, http, tcp, udp, ssl-l4, sip-udp, sip-tcp
template
Description: template is a JSON Block. Please see below for port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
port-list_template¶
Specification Value Type object dns
Description DDOS dns template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
http
Description DDOS http template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
sip
Description DDOS sip template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ssl-l4
Description DDOS ssl-l4 template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
tcp
Description DDOS tcp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
udp
Description DDOS udp template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
template¶
Specification Value Type object logging
Description DDOS logging template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
l4-type-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
disable-syn-auth
Description Disable TCP SYN Authentication
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-frag-pkt
Description Drop fragmented packets
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
drop-on-no-port-match
Description ‘disable’: disable; ‘enable’: enable;
Type: string
Supported Values: disable, enable
Default: enable
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
max-rexmit-syn-per-flow
Description Maximum number of re-transmit SYN per flow. Exceed action set to Drop
Type: number
Range: 1-6
protocol
Description ‘tcp’: tcp; ‘udp’: udp; ‘icmp’: icmp; ‘other’: other;
Type: string
Supported Values: tcp, udp, icmp, other
stateful
Description Enable stateful tracking of sessions (Default is stateless)
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
syn-auth
Description ‘send-rst’: Send RST to client upon client ACK; ‘force-rst-by-ack’: Force client RST via the use of ACK; ‘force-rst-by-synack’: Force client RST via the use of bad SYN|ACK; ‘disable’: Disable TCP SYN Authentication;
Type: string
Supported Values: send-rst, force-rst-by-ack, force-rst-by-synack, disable
Default: send-rst
syn-cookie
Description Enable SYN Cookie
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-client
Description Send reset to client when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tcp-reset-server
Description Send reset to server when rate exceeds or session ages out
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
tunnel-decap
Description: tunnel-decap is a JSON Block. Please see below for l4-type-list_tunnel-decap
Type: Object
tunnel-rate-limit
Description: tunnel-rate-limit is a JSON Block. Please see below for l4-type-list_tunnel-rate-limit
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
l4-type-list_tunnel-rate-limit¶
Specification Value Type object gre-rate-limit
Description Enable inner IP rate limiting on GRE traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-rate-limit
Description Enable inner IP rate limiting on IPinIP traffic
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
l4-type-list_tunnel-decap¶
Specification Value Type object gre-decap
Description Enable GRE Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
ip-decap
Description Enable IP Tunnel decapsulation
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
key-cfg
Type: List
l4-type-list_tunnel-decap_key-cfg¶
Specification Value Type list Block object keys key
Description Only decapsulate GRE packet with this key (Hexadecimal 0x0-0xFFFFFFFF,decimal 0-4294967295)
Type: string
Maximum Length: 10 characters
Maximum Length: 1 characters
src-port-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Port Number
Type: number
Range: 0-65535
protocol
Description ‘udp’: udp; ‘tcp’: tcp;
Type: string
Supported Values: udp, tcp
template
Description: template is a JSON Block. Please see below for src-port-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
src-port-list_template¶
Specification Value Type object src-tcp
Description DDOS tcp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
src-udp
Description DDOS udp src template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
ip-proto-list¶
Specification Value Type list Block object keys deny
Description Blacklist and Drop all incoming packets for protocol
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
port-num
Description Protocol Number
Type: number
Range: 0-255
template
Description: template is a JSON Block. Please see below for ip-proto-list_template
Type: Object
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters
ip-proto-list_template¶
Specification Value Type object other
Description DDOS other template
Type: string
Format: string-rlx
Maximum Length: 128 characters
Maximum Length: 1 characters
exceed-log-cfg¶
Specification Value Type object log-enable
Description Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
with-sflow-sample
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
exceed-log-dep-cfg¶
Specification Value Type object exceed-log-enable
Description (Deprecated)Enable logging of limit exceed drop’s
Type: boolean
Supported Values: true, false, 1, 0
Default: 0
log-with-sflow-dep
Description Turn on sflow sample with log
Type: boolean
Supported Values: true, false, 1, 0
Default: 0