rule (Application-Level DDoS Rulebase)

Syntax

rule rule-name {description text ;match {application [ any | default ];application-ddos ddos-application-name;destination-address [ address-name ];from-zone zone-name;source-address [ address-name ];to-zone zone-name;}then {action <close-server | drop-connection | drop-packet | no-action>;ip-action {<ip-block | ip-close | ip-notify>timeout secconds;}}}

Hierarchy Level

[edit security idp idp-policy policy-name rulebase-ddos]

Release Information

Statement introduced in Release 10.0 of Junos OS.

Description

Configure application-level DDoS rule match criteria, and the action to be taken on attack clients.

Options

rule-name—Name of the DDoS rulebase rule.

The remaining statements are explained separately.

Usage Guidelines

For configuration instructions and examples, see the Junos OS Security Configuration Guide.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Copyright© 1999-2010 Juniper Networks, Inc. All rights reserved.