internet-options
Syntax
internet-options {(gre-path-mtu-discovery | no-gre-path-mtu-discovery);icmpv4-rate-limit bucket-size bucket-size packet-rate packet-rate;icmpv6-rate-limit bucket-size bucket-size packet-rate packet-rate;(ipip-path-mtu-discovery | no-ipip-path-mtu-discovery);ipv6-duplicate-addr-detection-transmits;(ipv6-reject-zero-hop-limit | no-ipv6-reject-zero-hop-limit);(ipv6-path-mtu-discovery | no-ipv6-path-mtu-discovery);ipv6-path-mtu-discovery-timeout;no-tcp-rfc1323;no-tcp-rfc1323-paws;(path-mtu-discovery | no-path-mtu-discovery);source-port upper-limit
<upper-limit>;(source-quench |
no-source-quench);tcp-drop-synfin-set;tcp-mss mss-value;}
Hierarchy Level
[edit system]
Release Information
Statement introduced before JUNOS Release 7.4.
Statement introduced in JUNOS Release 9.0 for EX Series switches.
Description
Configure system IP options to protect against certain types of DoS attacks.
The remaining statements are explained separately.
Required Privilege Level
admin—To view this statement in the configuration.
admin-control—To add this statement to the configuration.
Related Topics
- Configuring the JUNOS Software ICMPv4 Rate Limit for ICMPv4 Routing Engine Messages
- Configuring the JUNOS Software ICMPv6 Rate Limit for ICMPv6 Routing Engine Messages
- Configuring the JUNOS Software for IP-IP Path MTU Discovery on IP-IP Tunnel Connections
- Configuring the JUNOS Software for Path MTU Discovery on Outgoing GRE Tunnel Connections
- Configuring the JUNOS Software for Path MTU Discovery on Outgoing TCP Connections
- Configuring the JUNOS Software for IPv6 Duplicate Address Detection Attempts
- Configuring the JUNOS Software for Acceptance of IPv6 Packets with a Zero Hop Limit
- Configuring the JUNOS Software to Ignore ICMP Source Quench Messages
- Configuring the JUNOS Software to Enable the Router or Switch to Drop Packets with the SYN and FIN Bits Set
- Configuring the JUNOS Software to Disable TCP RFC 1323 Extensions
- Configuring the JUNOS Software to Disable the TCP RFC 1323 PAWS Extension
- Configuring the JUNOS Software to Extend the Default Port Address Range
- Configuring TCP MSS for Session Negotiation
