Hide Navigation Pane
Show Navigation Pane
Feedback
Download
SHA1
rule (IPS Rulebase)
Syntax
rule
rule-name {description text ;match {attacks {custom-attacks [ attack-name
];predefined-attack-groups
[ attack-name ];predefined-attacks [ attack-name
];}destination-address [ address-name
];destination-except [ address-name
];from-zone zone-name ;source-address [ address-name
];source-except [ address-name
];to-zone
zone-name ;}terminal;then {action {(close-client | close-client-and-server
| close-server |drop-connection | drop-packet
| ignore-connection | mark-diffserv value |
no-action | recommended);}ip-action {(ip-block | ip-close | ip-notify);log;target (destination-address
| service | source-address | source-zone | zone-service);timeout
seconds ;}notification {log-attacks {alert;(}packet-log {pre-attack number;post-attack number;post-attack-timeout seconds;}}severity (critical | info
| major | minor | warning);}}
Hierarchy Level
[edit security idp idp-policy policy-name rulebase-ips]
Release Information
Statement introduced in Release 9.2 of Junos OS.
Description
Specify IPS rule to create, modify, delete, and reorder the rules in a rulebase.
Options
rule -name —Name of the IPS rulebase rule.
The remaining statements are explained separately.
Usage Guidelines
For configuration instructions and examples, see the Junos OS Security Configuration Guide.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
