Configuring a rule for ipv6 icmp types, Configuring a rule for ipv6 ext header types, Table 13 – Brocade Virtual ADX Security Guide (Supporting ADX v03.1.00) User Manual

Page 104

Advertising
background image

92

Brocade Virtual ADX Security Guide

53-1003250-01

DDoS protection

5

Configuring a rule for IPv6 ICMP types

Brocade Virtual ADX has a set of built-in rules to manage IPv6 icmp types. In this case, the rule
command is used with a icmp-option variable specified in

Table 13

.

The following example configures the "filter4" security filter with a rule to drop packets that
contains the icmpv6-option type echo-reply.

Virtual ADX(config)#security filter filter4

Virtual ADX(config-sec-filter4)#rule icmp-type echo-reply drop

Syntax: [no] rule icmp-type icmpv6-type [log | no-log] [drop | no-drop]

The ipv6-type variable is specified as one of the options described in

Table 13

.

The log parameter directs the Brocade Virtual ADX to drop traffic on the bound interface that
matches the rule specified by the configured icmpv6-type. The no-log parameter disables this
function.

The drop parameter directs the Brocade Virtual ADX to drop traffic on the bound interface that
matches the rule specified by the configured icmpv6-type. The no-drop parameter disables this
function.

Configuring a rule for IPv6 ext header types

Brocade Virtual ADX has a set of built-in rules to manage IPv6 header types. In this case, the rule
command is used with a ipv6-ext-header-type variable specified in

Table 14

.

The following example configures the "filter5" security filter with a rule to drop packets that contain
the ipv6-ext-header type esp.

TABLE 13

ICMPv6 types and descriptions

Attack Type

Description

cpa

ICMP type 149: Certification Path Advertisement.

cps

ICMP type 148: Certification Path Solicitation

echo-reply

ICMP type 129: echo-reply

echo-request

ICMP type 148: echo-request

mra

ICMP type 151: Multicast Router Advertisement

mrs

ICMP type 152: Multicast Router Solicitation

mrt

ICMP type 153: Multicast Router Termination

neighbor-advertisement

ICMP type 136: neighbor-advertisement

neighbor-solicitation

ICMP type 135: neighbor-solicitation

private

ICMP type 200: Private experimentation

private1

ICMP type 201: Private experimentation

redirect-message

ICMP type 137: redirect-message

reserved

ICMP type 255: reserved for expansion

router-advertisement

ICMP type 134: router-advertisement

router-solicitation

ICMP type 133: router-solicitation

Advertising
Popular Brands
Popular manuals