rule (IDS MS-MPC)
Syntax
rule {
    match-direction (input | output | input-output);
    term {
        then {
            aggregation (IDS) {
                destination-prefix prefix-value | destination-prefix-ipv6 prefix-value;
                source-prefix prefix-value | source-prefix-ipv6 prefix-value;
            }
            allow-ip-options {
                any;
                loose-source-route;
                route-record;
                route-alert;
                security;
                stream-id;
                strict-source-route;
                timestamp;
            }
            allow-ipv6-extension-header {
                any;
                ah;
                dstopts;
                esp;
                fragment;
                hop-by-hop;
                mobility;
                routing;
            }
            icmp-fragment-check;
            icmp-large-packet-check;
            land-attack-check (ip-only | ip-port);
            session-limit {
                by-destination {
                    by-protocol {
                        icmp {
                            maximum number;
                            packets number;
                            rate number;
                        }
                        tcp {
                            maximum number;
                            packets number;
                            rate number;
                        }
                        udp {
                            maximum number;
                            packets number;
                            rate number;
                        }
                    }
                    maximum number;
                    packets number;
                    rate number;
                }
                by-source {
                    by-protocol {
                        icmp {
                            maximum number;
                            packets number;
                            rate number;
                        }
                        tcp {
                            maximum number;
                            packets number;
                            rate number;
                        }
                        udp {
                            maximum number;
                            packets number;
                            rate number;
                        }
                    }
                    maximum number;
                    packets number;
                    rate number;
                }
            }
            tcp-syn-defense;
            tcp-syn-fragment-check;
            tcp-winnuke-check;
        }
    }
}
Hierarchy Level
[edit services ids]
Description
Configure network attack protection for a service set on an MS-MPC.
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 17.1.