Configuration procedure, Verifying the configuration – H3C Technologies H3C SecPath F1000-E User Manual


Figure 108 Network diagram

Configuration procedure

The following describes only connection limit configuration steps. For more information about NAT configuration and internal server configuration, see NAT Configuration Guide.

# Create a connection limit policy and enter its view.

<SecPath> system-view

[SecPath] connection-limit policy 0

# Configure connection limit rule 0 to limit connections from hosts on segment 192.168.0.0/24 to the external network per source address, with the upper connection limit of 100.

[SecPath-connection-limit-policy-0] limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 100 per-source

# Configure connection limit rule 1 to limit connections from the external network to the DNS server 192.168.0.3/24, with the upper connection limit of 10000.

[SecPath-connection-limit-policy-0] limit 1 source ip any destination ip 192.168.0.3 32 protocol dns max-connections 10000

# Configure connection limit rule 2 to limit connections from the external network to the Web server 192.168.0.2/24, with the upper connection limit of 10000.

[SecPath-connection-limit-policy-0] limit 2 source ip any destination ip 192.168.0.2 32 protocol http max-connections 10000

[SecPath-connection-limit-policy-0] quit

# Apply the connection limit policy.

[SecPath] connection-limit apply policy 0

Verifying the configuration

After the configuration, use the display connection-limit policy command to display information about the connection limit policy.

[SecPath] display connection-limit policy 0

Connection-limit policy 0, refcount 1, 3 limits

limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 100 per-source

limit 1 source ip any destination ip 192.168.0.3 32 protocol dns max-connections 10000

limit 2 source ip any destination ip 192.168.0.2 32 protocol http max-connections 10000
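
The verification step above can be automated when the display output is collected from the device. The following Python script is an added example, not part of the H3C manual: it parses captured `display connection-limit policy` output (tolerating a console line wrap inside a rule) and reports any rule that differs from the intended limits. The names `parse_policy`, `audit` and `EXPECTED` are hypothetical, and treating `refcount 0` as "policy not applied" is an assumption.

```python
import re

# Constructed input: the policy from this page, captured with a console line
# wrap that pushes "per-source" of rule 0 onto its own line.
SAMPLE = """\
Connection-limit policy 0, refcount 1, 3 limits
limit 0 source ip 192.168.0.0 24 destination ip any protocol ip max-connections 100
per-source
limit 1 source ip any destination ip 192.168.0.3 32 protocol dns max-connections 10000
limit 2 source ip any destination ip 192.168.0.2 32 protocol http max-connections 10000
"""

HEADER_RE = re.compile(r"Connection-limit policy (\d+), refcount (\d+), (\d+) limits$")
RULE_RE = re.compile(
    r"limit (?P<id>\d+) source ip (?P<src>any|\S+ \d+) "
    r"destination ip (?P<dst>any|\S+ \d+) protocol (?P<proto>\S+) "
    r"max-connections (?P<max>\d+)(?P<per_source> per-source)?$")

def parse_policy(text):
    """Parse display output into (policy_id, refcount, {rule_id: rule})."""
    header, joined = None, []
    for line in filter(None, (l.strip() for l in text.splitlines())):
        if HEADER_RE.match(line):
            header = HEADER_RE.match(line)
        elif line.startswith("limit ") or not joined:
            joined.append(line)
        else:  # continuation of a wrapped rule line
            joined[-1] += " " + line
    if header is None:
        raise ValueError("policy header not found")
    rules = {}
    for line in joined:
        m = RULE_RE.match(line)
        if m is None:
            raise ValueError(f"unrecognised rule line: {line!r}")
        rules[int(m["id"])] = (m["src"], m["dst"], m["proto"],
                               int(m["max"]), m["per_source"] is not None)
    if len(rules) != int(header[3]):
        raise ValueError("rule count differs from the header's limit count")
    return int(header[1]), int(header[2]), rules

def audit(text, expected):
    """Return a list of differences between the device output and `expected`."""
    _, refcount, rules = parse_policy(text)
    # Assumption: refcount 0 means the policy is defined but not applied.
    findings = ["policy has refcount 0"] if refcount == 0 else []
    for rid in sorted(set(expected) | set(rules)):
        if expected.get(rid) != rules.get(rid):
            findings.append(f"rule {rid}: want {expected.get(rid)}, got {rules.get(rid)}")
    return findings

# Intended rules, taken from the configuration steps on this page.
EXPECTED = {0: ("192.168.0.0 24", "any", "ip", 100, True),
            1: ("any", "192.168.0.3 32", "dns", 10000, False),
            2: ("any", "192.168.0.2 32", "http", 10000, False)}
```

`audit(SAMPLE, EXPECTED)` returns an empty list when the device output matches the intended policy; a missing `per-source` keyword or a changed limit shows up as one finding per affected rule.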
