ddos ip-filtering-policy rule¶
IP filter rule configuration
rule Specification¶
Parameter Value Type Collection Object Key(s) seq Collection Name rule-list Collection URI /axapi/v3/ddos/ip-filtering-policy/{name}/rule Element Name rule Element URI /axapi/v3/ddos/ip-filtering-policy/{name}/rule/{seq} Element Attributes rule_attributes Partition Visibility shared Schema rule schemaOperations Allowed:
| Operation | Method | URI | Payload | |
|---|---|---|---|---|
Create Object | POST | /axapi/v3/ddos/ip-filtering-policy/{name}/rule | ||
Create List | POST | /axapi/v3/ddos/ip-filtering-policy/{name}/rule | ||
Get Object | GET | /axapi/v3/ddos/ip-filtering-policy/{name}/rule/{seq} | ||
Get List | GET | /axapi/v3/ddos/ip-filtering-policy/{name}/rule | ||
Modify Object | POST | /axapi/v3/ddos/ip-filtering-policy/{name}/rule/{seq} | ||
Replace Object | PUT | /axapi/v3/ddos/ip-filtering-policy/{name}/rule/{seq} | ||
Replace List | PUT | /axapi/v3/ddos/ip-filtering-policy/{name}/rule | ||
Delete Object | DELETE | /axapi/v3/ddos/ip-filtering-policy/{name}/rule/{seq} |
rule-list¶
rule-list is JSON List of rule attributes
rule-list : [
]
rule attributes¶
action
Description ‘drop’: Drop the packet (default); ‘permit’: Let the packet skip all afterword address filters; ‘blacklist’: Blacklist with glid; ‘bypass’: Bypass all the ddos process;
Type: string
Supported Values: drop, permit, blacklist, bypass
Default: drop
dst-ip
Description IPv4 Subnet address
Type: string
Format: ipv4-cidr
Mutual Exclusion: dst-ip, src-ipv6, and dst-ipv6 are mutually exclusive
dst-ipv6
Description IPv6 Subnet address
Type: string
Format: ipv6-address-plen
Mutual Exclusion: dst-ipv6, src-ip, and dst-ip are mutually exclusive
dst-port
Description Match only packets with the port number
Type: number
Range: 1-65535
Mutual Exclusion: dst-port and dst-port-start are mutually exclusive
dst-port-end
Description Ending Port Number
Type: number
Range: 1-65535
dst-port-start
Description Match only packets in the range of port numbers (Starting Port Number)
Type: number
Range: 1-65535
Mutual Exclusion: dst-port-start and dst-port are mutually exclusive
glid
Description Global limit ID
Type: string
Format: string-rlx
Maximum Length: 63 characters
Maximum Length: 1 characters
Reference Object: /axapi/v3/glid
icmp-code
Description ICMP code
Type: number
Range: 0-255
icmp-type
Description ICMP message type
Type: number
Range: 0-255
proto-num
Description IP proto number
Type: number
Range: 0-255
protocol
Description ‘tcp’: TCP; ‘udp’: UDP; ‘icmp-v4’: ICMP; ‘icmp-v6’: ICMPv6; ‘number’: Specify IP protocol number;
Type: string
Supported Values: tcp, udp, icmp-v4, icmp-v6, number
seq
Description Sequence number
Type: number
Range: 1-200
src-ip
Description IPv4 Subnet address
Type: string
Format: ipv4-cidr
Mutual Exclusion: src-ip, src-ipv6, and dst-ipv6 are mutually exclusive
src-ipv6
Description IPv6 Subnet address
Type: string
Format: ipv6-address-plen
Mutual Exclusion: src-ipv6, src-ip, and dst-ip are mutually exclusive
src-port
Description Match only packets with the port number
Type: number
Range: 1-65535
Mutual Exclusion: src-port and src-port-start are mutually exclusive
src-port-end
Description Ending Port Number
Type: number
Range: 1-65535
src-port-start
Description Match only packets in the range of port numbers (Starting Port Number)
Type: number
Range: 1-65535
Mutual Exclusion: src-port-start and src-port are mutually exclusive
tcp-flag
Description ‘match-all’: not = 0 match = 1; ‘none-of’: not = 1 match = 0; ‘match-any’: not = 0 match = 0;
Type: string
Supported Values: match-all, none-of, match-any
tcp-flags-bitmask
Description Bitmask in Hex
Type: string
Format: time
Maximum Length: 255 characters
Maximum Length: 1 characters
user-tag
Description Customized tag
Type: string
Format: string-rlx
Maximum Length: 127 characters
Maximum Length: 1 characters
uuid
Description uuid of the object
Type: string
Maximum Length: 64 characters
Maximum Length: 1 characters