Help us improve your experience.

Let us know what you think.

Do you have time for a two-minute survey?

 
 

white-list

Syntax

Hierarchy Level

Description

Configure a list of IP addresses that are exempt from the SYN cookie and SYN proxy mechanisms that occur during the SYN flood screen protection process. This list of exempt addresses is called an allowlist.

You can also use this statement to configure an allowlist of IP addresses that bypass UDP flood detection.

Note:

This statement is not supported to create UDP flood screen allowlists on SRX5400, SRX5600, and SRX5800 devices

Both IPv4 and IPv6 allowlists are supported. Addresses in the list must be all IPv4 or all IPv6. Each allowlist can have up to 32 IP address prefixes.

Options

  • name—The name of the allowlist.

  • destination-address address—Destination IP address or an address prefix. You can configure multiple addresses or address prefixes separated by spaces and enclosed in square brackets.

  • source-address address—Source IP address or an address prefix. You can configure multiple addresses or address prefixes separated by spaces and enclosed in square brackets.

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 12.1.

Support for UDP flood screen allowlist introduced in Junos OS Release 17.4.

tenant option added in Junos OS Release 18.3R1.

Support for UDP and TCP flood screen allowlists added in Junos OS Release 20.3R1 for Next Gen Services on MX240, MX480 and MX960 routers.