ip anomaly-drop

Set IP anomaly drop policy

anomaly-drop Specification

Parameter Value
Type Configuration Resource
Element Name anomaly-drop
Element URI /axapi/v3/ip/anomaly-drop
Element Attributes anomaly-drop_attributes
Partition Visibility shared
Statistics Data URI /axapi/v3/ip/anomaly-drop/stats
Schema anomaly-drop schema

Operations Allowed:

Operation Method URI Payload
Create Object POST /axapi/v3/ip/anomaly-drop anomaly-drop attributes
Get Object GET /axapi/v3/ip/anomaly-drop anomaly-drop attributes
Modify Object POST /axapi/v3/ip/anomaly-drop anomaly-drop attributes
Replace Object PUT /axapi/v3/ip/anomaly-drop anomaly-drop attributes
Delete Object DELETE /axapi/v3/ip/anomaly-drop anomaly-drop attributes

anomaly-drop attributes

bad-content

Description bad content threshold (threshold value)

Type: number

Range: 1-127

drop-all

Description drop all IP anomaly packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

frag

Description drop all fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-option

Description drop packets with IP options

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-ext-header

Description: ipv6-ext-header is a JSON Block. Please see below for ipv6-ext-header

Type: Object

land-attack

Description drop IP packets with the same source and destination addresses

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

out-of-sequence

Description out of sequence packet threshold (threshold value)

Type: number

Range: 1-127

packet-deformity

Description: packet-deformity is a JSON Block. Please see below for packet-deformity

Type: Object

ping-of-death

Description drop oversize ICMP packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sampling-enable

Type: List

security-attack

Description: security-attack is a JSON Block. Please see below for security-attack

Type: Object

tcp-no-flag

Description drop TCP packets with no flag

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-syn-fin

Description drop TCP packets with both syn and fin flags set

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-syn-frag

Description drop fragmented TCP packets with syn flag set

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description uuid of the object

Type: string

Maximum Length: 64 characters

Minimum Length: 1 character

zero-window

Description zero window size threshold (threshold value)

Type: number

Range: 1-127

security-attack

Specification Value
Type object

security-attack-layer-3

Description drop packets with layer 3 anomaly

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

security-attack-layer-4

Description drop packets with layer 4 anomaly

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

packet-deformity

Specification Value
Type object

packet-deformity-layer-3

Description drop packets with layer 3 anomaly

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

packet-deformity-layer-4

Description drop packets with layer 4 anomaly

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sampling-enable

Specification Value
Type list
Block object keys  

counters1

Description ‘all’: all; ‘land’: Land Attack Drop; ‘emp_frg’: Empty Fragment Drop; ‘emp_mic_frg’: Micro Fragment Drop; ‘opt’: IPv4 Options Drop; ‘frg’: IPv4 Fragment Drop; ‘bad_ip_hdrlen’: Bad IP Header Len Drop; ‘bad_ip_flg’: Bad IP Flags Drop; ‘bad_ip_ttl’: Bad IP TTL Drop; ‘no_ip_payload’: No IP Payload drop; ‘over_ip_payload’: Oversize IP Payload Drop; ‘bad_ip_payload_len’: Bad IP Payload Len Drop; ‘bad_ip_frg_offset’: Bad IP Fragment Offset Drop; ‘csum’: Bad IP Checksum Drop; ‘pod’: ICMP Ping of Death Drop; ‘bad_tcp_urg_offset’: TCP Bad Urgent Offset Drop; ‘tcp_sht_hdr’: TCP Short Header Drop; ‘tcp_bad_iplen’: TCP Bad IP Length Drop; ‘tcp_null_frg’: TCP Null Flags Drop; ‘tcp_null_scan’: TCP Null Scan Drop; ‘tcp_syn_fin’: TCP Syn and Fin Drop; ‘tcp_xmas’: TCP XMAS Flags Drop; ‘tcp_xmas_scan’: TCP XMAS Scan Drop; ‘tcp_syn_frg’: TCP Syn Fragment Drop; ‘tcp_frg_hdr’: TCP Fragmented Header Drop; ‘tcp_bad_csum’: TCP Bad Checksum Drop; ‘udp_srt_hdr’: UDP Short Header Drop; ‘udp_bad_len’: UDP Bad Length Drop; ‘udp_kerb_frg’: UDP Kerberos Fragment Drop; ‘udp_port_lb’: UDP Port Loopback Drop; ‘udp_bad_csum’: UDP Bad Checksum Drop; ‘runt_ip_hdr’: Runt IP Header Drop; ‘runt_tcp_udp_hdr’: Runt TCP/UDP Header Drop; ‘ipip_tnl_msmtch’: IP-over-IP Tunnel Mismatch Drop; ‘tcp_opt_err’: TCP Option Error Drop; ‘ipip_tnl_err’: IP-over-IP Tunnel Error Drop; ‘vxlan_err’: VXLAN Tunnel Error Drop; ‘nvgre_err’: GRE Tunnel Error Drop; ‘gre_pptp_err’: GRE PPTP Error Drop;

Type: string

Supported Values: all, land, emp_frg, emp_mic_frg, opt, frg, bad_ip_hdrlen, bad_ip_flg, bad_ip_ttl, no_ip_payload, over_ip_payload, bad_ip_payload_len, bad_ip_frg_offset, csum, pod, bad_tcp_urg_offset, tcp_sht_hdr, tcp_bad_iplen, tcp_null_frg, tcp_null_scan, tcp_syn_fin, tcp_xmas, tcp_xmas_scan, tcp_syn_frg, tcp_frg_hdr, tcp_bad_csum, udp_srt_hdr, udp_bad_len, udp_kerb_frg, udp_port_lb, udp_bad_csum, runt_ip_hdr, runt_tcp_udp_hdr, ipip_tnl_msmtch, tcp_opt_err, ipip_tnl_err, vxlan_err, nvgre_err, gre_pptp_err, ipv6_eh_hbh, ipv6_eh_dest, ipv6_eh_routing, ipv6_eh_frag, ipv6_eh_ah, ipv6_eh_esp, ipv6_eh_mobility, ipv6_eh_none, ipv6_eh_other, ipv6_eh_malformed

ipv6-ext-header

Specification Value
Type object

dst-option-list

Type: List

hbh-option-list

Type: List

ipv6-eh-auth

Description Filter authentication extension header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-eh-dest

Description Filter destination extension header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-eh-esp

Description Filter ESP extension header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-eh-frag

Description Filter fragmentation extension header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-eh-hbh

Description Filter hop by hop extension header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-eh-malformed

Description Filter malformed extension headers (check for order and occurrences)

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-eh-mobility

Description Filter mobility extension header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-eh-nonext

Description Filter no-next-header extension header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ipv6-eh-routing

Description Filter routing extension header

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

routing-option-list

Type: List

unknown-ext-header-list

Type: List

ipv6-ext-header_routing-option-list

Specification Value
Type list
Block object keys  

routing-otype-from

Description Filter routing header option type (Option type value)

Type: number

routing-otype-to

Description Option type range end

Type: number

ipv6-ext-header_dst-option-list

Specification Value
Type list
Block object keys  

dst-otype-from

Description Filter destination header option type (Option type value)

Type: number

dst-otype-to

Description Option type range end

Type: number

ipv6-ext-header_hbh-option-list

Specification Value
Type list
Block object keys  

hbh-otype-from

Description Filter hop by hop option type (Option type value)

Type: number

hbh-otype-to

Description Option type range end

Type: number

ipv6-ext-header_unknown-ext-header-list

Specification Value
Type list
Block object keys  

eh-type-from

Description Filter unknown extension header (eh) type (Extension header type value)

Type: number

eh-type-to

Description Extension header type range end

Type: number
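The following is an added example, not part of the A10 reference or its tooling: a pre-flight check that validates a request body against the attribute types and ranges listed on this page before it is sent to /axapi/v3/ip/anomaly-drop, and reports which top-level drop checks remain off. It assumes the body wraps the attributes in an "anomaly-drop" object; the function names and the sample body are constructed for illustration, and ipv6-ext-header, sampling-enable and uuid are accepted without further checking.

```python
# Attribute schema transcribed from this page.
BOOL_KEYS = {"drop-all", "frag", "ip-option", "land-attack", "ping-of-death",
             "tcp-no-flag", "tcp-syn-fin", "tcp-syn-frag"}
THRESHOLD_KEYS = {"bad-content", "out-of-sequence", "zero-window"}  # Range: 1-127
NESTED_BOOL_KEYS = {
    "security-attack": {"security-attack-layer-3", "security-attack-layer-4"},
    "packet-deformity": {"packet-deformity-layer-3", "packet-deformity-layer-4"},
}
OTHER_KEYS = {"ipv6-ext-header", "sampling-enable", "uuid"}  # not checked here

# Constructed sample body (assumed wrapper key "anomaly-drop"), not device output.
SAMPLE = {"anomaly-drop": {
    "land-attack": 1, "ping-of-death": True, "tcp-syn-fin": "yes",
    "zero-window": 200, "bad-content": 10,
    "security-attack": {"security-attack-layer-3": 1, "layer-5": 1},
    "tcp-xmas": 1}}

def _is_bool(v):
    # Supported Values: true, false, 1, 0 (rejects strings and floats such as 1.0)
    return isinstance(v, (bool, int)) and v in (True, False, 1, 0)

def validate(body):
    # Return a list of problems found in an anomaly-drop request body.
    cfg = body.get("anomaly-drop")
    if not isinstance(cfg, dict):
        return ["body must wrap attributes in an 'anomaly-drop' object"]
    errors = []
    for key, val in cfg.items():
        if key in BOOL_KEYS:
            if not _is_bool(val):
                errors.append(f"{key}: expected true/false/1/0, got {val!r}")
        elif key in THRESHOLD_KEYS:
            if isinstance(val, bool) or not isinstance(val, int) or not 1 <= val <= 127:
                errors.append(f"{key}: expected number in 1-127, got {val!r}")
        elif key in NESTED_BOOL_KEYS and isinstance(val, dict):
            for sub, sv in val.items():
                if sub not in NESTED_BOOL_KEYS[key]:
                    errors.append(f"{key}.{sub}: unknown attribute")
                elif not _is_bool(sv):
                    errors.append(f"{key}.{sub}: expected true/false/1/0, got {sv!r}")
        elif key not in OTHER_KEYS:
            errors.append(f"{key}: unknown attribute or wrong type")
    return errors

def disabled_checks(body):
    # Top-level boolean drop checks not explicitly enabled (page default is 0).
    cfg = body["anomaly-drop"]
    return sorted(k for k in BOOL_KEYS if cfg.get(k, 0) not in (True, 1))
```

Running `validate(SAMPLE)` flags the string value for tcp-syn-fin, the out-of-range zero-window threshold, and the two attribute names that do not appear in this reference.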