action (Security Rulebase IPS)
Syntax
action {
    class-of-service {
        dscp-code-point number;
        forwarding-class forwarding-class;
    }
    (close-client | close-client-and-server | close-server | drop-connection | drop-packet | ignore-connection | mark-diffserv value | no-action | recommended);
}
Hierarchy Level
[edit security idp idp-policy policy-name rulebase-ips rule rule-name then]
Description
Specify the action you want IDP to take when monitored traffic matches the attack objects specified in the rule.
Options
no-action—No action is taken. Use this action when you only want to generate logs for some traffic.
ignore-connection—Stops scanning traffic for the rest of the connection if an attack match is found. IDP disables the rulebase for that specific connection.
mark-diffserv value—Assigns the indicated service-differentiation value to the packet in an attack, then passes it on normally.
class-of-service—Associates a class-of-service forwarding class as an action of the IDP policy and also sets the value of the DSCP code point. You can use the default forwarding class names or define new ones. The forwarding-class and dscp-code-point statements are each optional, but at least one of them must be set.
drop-packet—Drops a matching packet before it can reach its destination but does not close the connection. Use this action to drop packets for attacks in traffic that is prone to spoofing, such as UDP traffic. Dropping a connection for such traffic could result in a denial of service that prevents you from receiving traffic from a legitimate source IP address.
drop-connection—Drops all packets associated with the connection, preventing traffic for the connection from reaching its destination. Use this action to drop connections for traffic that is not prone to spoofing.
close-client—Closes the connection and sends an RST packet to the client but not to the server.
close-server—Closes the connection and sends an RST packet to the server but not to the client.
close-client-and-server—Closes the connection and sends an RST packet to both the client and the server.
recommended—All predefined attack objects have a default action associated with them. This is the action that Juniper Networks recommends when that attack is detected.
The actions are listed in ascending order of severity, from low to high. When a single session produces multiple rule hits, the most severe action is the one applied.
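The following configuration is an added illustration, not part of the Juniper documentation page, showing the action statement at the hierarchy level above inside a small rulebase-ips policy. It pairs each action with the kind of traffic the option descriptions recommend it for: drop-packet for spoof-prone UDP, close-client for a TCP session, and class-of-service for a low-severity match that should be remarked rather than dropped. The policy, rule and zone names and the predefined-attack-groups names are placeholders to be replaced with real ones; the active-policy statement used to activate the policy is assumed for an older release such as the one this statement was introduced in.

```junos
/* Added illustration (not from the Juniper documentation page). Policy,
   rule and zone names, and the attack-group names, are placeholders. */
security {
    idp {
        idp-policy EXAMPLE-POLICY {
            rulebase-ips {
                /* UDP is easy to spoof: drop only the offending packet so a
                   forged source address cannot get a legitimate peer's
                   traffic blocked for a whole connection. */
                rule DNS-UDP {
                    match {
                        from-zone untrust;
                        to-zone trust;
                        application junos-dns-udp;
                        attacks {
                            predefined-attack-groups "DNS-ATTACK-GROUP-PLACEHOLDER";
                        }
                    }
                    then {
                        action {
                            drop-packet;
                        }
                        notification {
                            log-attacks;
                        }
                    }
                }
                /* A TCP session is not spoof-prone: tear the connection down
                   and reset the client side only, leaving the server alone. */
                rule HTTP-TCP {
                    match {
                        from-zone untrust;
                        to-zone trust;
                        application junos-http;
                        attacks {
                            predefined-attack-groups "HTTP-ATTACK-GROUP-PLACEHOLDER";
                        }
                    }
                    then {
                        action {
                            close-client;
                        }
                        notification {
                            log-attacks;
                        }
                    }
                }
                /* Low-severity match: forward the traffic but remark it so
                   downstream CoS can deprioritise it. forwarding-class and
                   dscp-code-point are each optional; at least one is needed. */
                rule SUSPECT-REMARK {
                    match {
                        from-zone untrust;
                        to-zone trust;
                        application any;
                        attacks {
                            predefined-attack-groups "LOW-SEVERITY-GROUP-PLACEHOLDER";
                        }
                    }
                    then {
                        action {
                            class-of-service {
                                forwarding-class best-effort;
                                dscp-code-point 8;
                            }
                        }
                    }
                }
            }
        }
        /* Assumed activation statement for an older Junos release. */
        active-policy EXAMPLE-POLICY;
    }
}
```

Because the most severe action wins when one session hits several rules, a session that matches both SUSPECT-REMARK and HTTP-TCP is reset rather than merely remarked; keep that ordering in mind when a remark-only rule and a drop or close rule can both apply to the same flow.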
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.2.