 | Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |
- rule rule-name {
-
match-direction (input | output | input-output);
-
-
term term-name {
-
-
from {
-
applications [ application-names ];
-
application-sets [ set-names ];
-
destination-address (address | any-unicast) <except>;
-
destination-address-range low minimum-value high maximum-value <except>;
-
source-address (address | any-unicast) <except>;
-
source-address-range low minimum-value high maximum-value <except>;
- }
-
-
then {
-
-
aggregation {
-
destination-prefix prefix-value | destination-prefix-ipv6 prefix-value;
-
source-prefix prefix-value | source-prefix-ipv6 prefix-value;
- }
- (force-entry | ignore-entry);
-
-
logging {
-
syslog;
-
threshold rate;
- }
-
-
session-limit {
-
-
by-destination {
- hold-time seconds;
- maximum number;
- packets number;
- rate number;
- }
-
-
by-pair {
- hold-time seconds;
- maximum number;
- packets number;
- rate number;
- }
-
-
by-source {
- hold-time seconds;
- maximum number;
- packets number;
- rate number;
- }
- }
-
-
syn-cookie {
-
mss value;
-
threshold rate;
- }
- }
- }
- }
- [edit services ids],
- [edit services ids rule-set rule-set-name]
Statement introduced before JUNOS Release 7.4.
Specify the rule the router uses when applying this service.
rule-name—Identifier for the collection of terms that constitute this rule.
See Configuring IDS Rule Content.
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
| Copyright © 2008, Juniper Networks, Inc. All rights reserved. Trademark Notice. | |