Configuring a rule for ipv6 icmp types, Table 16 – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual

Page 145

Advertising
background image

ServerIron ADX Security Guide

131

53-1002440-03

DDoS protection

5

Configuring a rule for IPv6 ICMP types

ServerIron ADX has a set of built-in rules to manage IPv6 icmp types. In this case, the rule
command is used with a <icmp-option> variable specified in Table 16.

The following example configures the "filter4" security filter with a rule to drop packets that
acontain the icmpv6-option type echo-reply.

ServerIronADX(config)# security filter filter4

ServerIronADX(config-sec-filter4)#rule icmp-type echo-reply drop

Syntax: [no] rule ip-option <icmpv6-type> [log | no-log] [drop | no-drop]

The <ipv6-type> variable is specified as one of the options described in Table 16.

The log parameter directs the ServerIron ADX to drop traffic on the bound interface that matches
the rule specified by the configured <icmpv6-type>. The no-log parameter disables this function.

The drop parameter directs the ServerIron ADX to drop traffic on the bound interface that matches
the rule specified by the configured <icmpv6-type>. The no-drop parameter disables this function

icmp-type router-advertisement

icmp type 9: router-advertisement

icmp-type r outer-selection

icmp type 10: router-selection

icmp-type source-quench

icmp type 4: source-quench

icmp-type time

icmp type 11: time-exceeded

icmp-type timestamp

icmp type 13: timestamp

icmp-type timestamp-reply

icmp type 14: timestamp-reply

TABLE 15

icmp option types and descriptions

TABLE 16

ICMPv6 types and descriptions

Attack Type

Description

cpa

ICMP type 149: Certification Path Advertisement.

cps

ICMP type 148: Certification Path Solicitation

echo-reply

ICMP type 129: echo-reply

echo-request

ICMP type 148: echo-request

mra

ICMP type 151: Multicast Router Advertisement

mrs

ICMP type 152: Multicast Router Solicitation

mrt

ICMP type 153: Multicast Router Termination

neighbor-advertisement

ICMP type 136: neighbor-advertisement

neighbor-solicitation

ICMP type 135: neighbor-solicitation

private

ICMP type 200: Private experimentation

private1

ICMP type 201: Private experimentation

redirect-message

ICMP type 137: redirect-message

Advertising
Popular Brands
Popular manuals