rule (IDS MS-DPC)
Syntax
rule rule-name {
match-direction (input | output | input-output);
term term-name {
from {
application-sets set-name;
applications [ application-names ];
destination-address (address | any-unicast) <except>;
destination-address-range low minimum-value high maximum-value <except>;
source-address (address | any-unicast) <except>;
source-address-range low minimum-value high maximum-value <except>;
}
then {
aggregation (IDS) {
destination-prefix prefix-value | destination-prefix-ipv6 prefix-value;
source-prefix prefix-value | source-prefix-ipv6 prefix-value;
}
(force-entry | ignore-entry);
logging {
syslog;
threshold rate;
}
session-limit {
by-destination (IDS MS-DPC) {
hold-time seconds;
maximum number;
packets number;
rate number;
}
by-pair (IDS MS-DPC) {
hold-time seconds;
maximum number;
packets number;
rate number;
}
by-source (IDS MS-DPC) {
hold-time seconds;
maximum number;
packets number;
rate number;
}
}
syn-cookie {
mss value;
threshold rate;
}
}
}
}
Description
Specify the rule the router uses when applying this service on the MS-DPC.
Options
rule-name—Identifier
for the collection of terms that constitute this rule.
Required Privilege Level
interface—To view this statement in the configuration.
interface-control—To add this statement to the configuration.
Release Information
Statement introduced before Junos OS Release 7.4.