rule (IDS MS-MPC)
構文
rule { match-direction (input | output | input-output); term { then { aggregation (IDS) { destination-prefix prefix-value | destination-prefix-ipv6 prefix-value; source-prefix prefix-value | source-prefix-ipv6 prefix-value; } allow-ip-options { any; loose-source-route; route-record; route-alert; security; stream-id; strict-source-route; timestamp; } allow-ipv6-extension-header { any; ah; dstopts; esp; fragment; hop-by-hop; mobility; routing; } icmp-fragment-check; icmp-large-packet-check; land-attack-check (ip-only | ip-port); session-limit { by-destination { by-protocol { icmp { maximum number; packets number; rate number; } tcp { maximum number; packets number; rate number; } udp { maximum number; packets number; rate number; } } maximum number; packets number; rate number; } by-source { by-protocol { icmp { maximum number; packets number; rate number; } tcp { maximum number; packets number; rate number; } udp { maximum number; packets number; rate number; } } maximum number; packets number; rate number; } } tcp-syn-defense; tcp-syn-fragment-check; tcp-winnuke-check; } } }
階層レベル
[edit services ids ]
必要な権限レベル
interface—設定でこのステートメントを表示します。
interface-control—設定にこのステートメントを追加します。
リリース情報
Junos OSリリース17.1で導入されたステートメント。