by-source (IDS MS-MPC)
Statement introduced in Junos OS Release 17.1.
Configure the IDS rule session limits for an individual source address or subnet. This protects against network probing attacks and network flooding attacks. When a session limit is exceeded for a source, packets from the source are dropped until the session limit is no longer exceeded. This IDS rule can only be assigned to a service set on an MS-MPC.
When a session limit is exceeded for a source, packets from the source are dropped until the session limit is no longer exceeded.
To specify limits for source subnets rather than individual addresses, include the aggregation statement at the [edit services ids rule rule-name term term-name then] hierarchy level.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.