Configuring a rule for ipv6 ext header types, And table 17 – Brocade Communications Systems ServerIron ADX 12.4.00a User Manual


ServerIron ADX Security Guide

53-1002440-03

DDoS protection

5

Configuring a rule for IPv6 ext header types

ServerIron ADX has a set of built-in rules to manage IPv6 header types. In this case, the rule
command is used with an <ipv6-ext-header-type> variable specified in Table 17.

The following example configures the "filter5" security filter with a rule to drop packets that contain
the ipv6-ext-header type esp.

ServerIronADX(config)# security filter filter5
ServerIronADX(config-sec-filter5)# rule ipv6-ext-header-type esp drop

Syntax: [no] rule ipv6-ext-header-type <ipv6-ext-header-type> [log | no-log] [drop | no-drop]

The <ipv6-ext-header-type> variable is specified as one of the options described in Table 17.

The log parameter directs the ServerIron ADX to log traffic on the bound interface that matches
the rule specified by the configured <ipv6-ext-header-type>. The no-log parameter disables
this function.

The drop parameter directs the ServerIron ADX to drop traffic on the bound interface that matches
the rule specified by the configured <ipv6-ext-header-type>. The no-drop parameter
disables this function.

TABLE 16   ICMPv6 types and descriptions

reserved               ICMP type 255: reserved for expansion
router-advertisement   ICMP type 134: router-advertisement
router-solicitation    ICMP type 133: router-solicitation

TABLE 17   IPv6 ext header types and descriptions

Attack Type            Description
ah                     Authentication Header Option
cfg-hdr0-num           Configurable extension header code 0
cfg-hdr1-num           Configurable extension header code 1
cfg-hdr2-num           Configurable extension header code 2
cfg-hdr3-num           Configurable extension header code 3
destination-option     Destination Options (with Routing Options)
esp                    Encapsulation Security Payload Header
hop-by-hop             Hop-by-Hop option
mobility-header        Mobility Header option
no-next-header         No Next Header
routing-header         Routing Header option
unknown-header         Unknown headers are those that are not listed in the above
                       header types and TCP/UDP/ICMPv6.
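
Added example (not from the Brocade manual): a Python sketch that walks an IPv6 packet's Next Header chain and labels each header with its Table 17 keyword, to show which traffic a rule such as the one in filter5 would affect. The sample packets are constructed, and action() is a hypothetical model that assumes a rule matches a header anywhere in the chain. Reporting Fragment (44) as unknown-header follows the table's wording; how the device actually evaluates the chain is not stated on this page.

```python
import struct

# IANA Next Header values mapped to the rule keywords listed in Table 17.
KEYWORDS = {0: "hop-by-hop", 43: "routing-header", 50: "esp", 51: "ah",
            59: "no-next-header", 60: "destination-option", 135: "mobility-header"}
UPPER_LAYER = {6, 17, 58}  # TCP, UDP, ICMPv6: the chain ends here


def ext_header_keywords(packet):
    """Walk a raw IPv6 packet's header chain; return the Table 17 keyword of each header."""
    if len(packet) < 40 or packet[0] >> 4 != 6:
        raise ValueError("not an IPv6 packet")
    nxt, off, found = packet[6], 40, []
    while nxt not in UPPER_LAYER:
        kw = KEYWORDS.get(nxt, "unknown-header")  # e.g. Fragment (44) is not in Table 17
        found.append(kw)
        if kw in ("esp", "no-next-header", "unknown-header"):
            break  # encrypted, empty, or unparsed: nothing further to walk
        if off + 2 > len(packet):
            raise ValueError("truncated extension header chain")
        nh, length = packet[off], packet[off + 1]
        # AH counts 4-octet units minus 2; the other headers count 8-octet units minus 1.
        off += (length + 2) * 4 if kw == "ah" else (length + 1) * 8
        nxt = nh
    return found


def action(packet, drop_types):
    """Hypothetical model of a drop rule: match if any header in the chain is listed."""
    return "drop" if set(ext_header_keywords(packet)) & set(drop_types) else "forward"


def build(first_nh, payload):
    """Constructed sample packet: minimal IPv6 header (::1 to ::1) plus payload."""
    hdr = struct.pack("!IHBB", 6 << 28, len(payload), first_nh, 64)
    return hdr + bytes(15) + b"\x01" + bytes(15) + b"\x01" + payload


PAD8 = bytes([1, 4, 0, 0, 0, 0])  # PadN option filling an 8-octet options header
# Constructed samples: HbH -> DestOpt -> ESP, AH -> TCP, and plain TCP.
ESP_PKT = build(0, bytes([60, 0]) + PAD8 + bytes([50, 0]) + PAD8 + bytes(16))
AH_PKT = build(51, bytes([6, 4]) + bytes(22) + bytes(20))
TCP_PKT = build(6, bytes(20))

if __name__ == "__main__":
    for name, pkt in (("esp", ESP_PKT), ("ah", AH_PKT), ("tcp", TCP_PKT)):
        print(name, ext_header_keywords(pkt), action(pkt, {"esp"}))
```

A drop rule on esp or ah also discards legitimate IPsec traffic on the bound interface, so check for IPsec peers behind that interface before applying one.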
