ip-action (Security IDP Rulebase IPS)

Syntax

Hierarchy Level

Description

Specify the actions you want IDP to take against future connections that use the same IP address.

Options

ip-block

Block future connections of any session that matches the IP action. If there is an IP action match with multiple rules, then the most severe IP action of all the matched rules is applied. The highest IP action priority (that is, the most severe action) is Drop/Block, then Close, then Notify.

ip-close

Close future connections of any new sessions that match the IP action by sending RST packets to the client and server.

ip-notify

Do not take any action against future traffic, but do log the event.

ip-connection-rate-limit

When a match is made in a rulebase-ddos rule, you can set the then action to ip-connection-rate-limit, which limits the rate of future connections according to a connections-per-second limit that you set. This can be used to reduce the number of attacks from a client.

  • Syntax: value—Defines the connection rate limit per second on the matched host.

  • Range: 1 to the maximum connections per second capability of the device.

log

Log the information about the IP action against the traffic that matches a rule.

log-create

Generate a log event on installing the ip-action filter.

refresh-timeout

Refresh the ip-action timeout so it does not expire when future connections match the installed ip-action filter.

target

Specify the blocking options that you want to set to block the future connections. Blocking options can be based on the following matches of the attack traffic:

  • Range:

    • destination-address—Matches traffic based on the destination address of the attack traffic.

    • service—For TCP and UDP, matches traffic based on the source address, source port, destination address, and destination port of the attack traffic. This is the default.

      For ICMP flows, the destination port is 0. Any ICMP flow matching source port, source address, and destination address is blocked.

    • source-address—Matches traffic based on the source address of the attack traffic.

    • source-zone—Matches traffic based on the source zone of the attack traffic.

    • source-zone-address—Matches traffic based on the source zone and source address of the attack traffic.

    • zone-service—Matches traffic based on the source zone, destination address, destination port, and protocol of the attack traffic.

timeout

Specify the number of seconds that you want the IP action to remain in effect after a traffic match.

  • Syntax: seconds—Number of seconds the IP action should remain effective.

  • Range: 0 through 64,800 seconds

  • Default: 0 seconds
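As an added illustration (not Juniper code), the following Python models the documented behavior of installed ip-action filters: the match key derived from the target option (with destination port 0 for ICMP), the most-severe-wins rule when several matched rules set an IP action, timeout expiry, and refresh-timeout. The flow tuple layout, the install and lookup functions, and the sample addresses are assumptions for illustration; ip-connection-rate-limit is not modeled.

```python
from dataclasses import dataclass

# Documented priority: Drop/Block, then Close, then Notify (higher = more severe).
SEVERITY = {"ip-block": 3, "ip-close": 2, "ip-notify": 1}

def most_severe(actions):
    """Pick the IP action applied when several matched rules set one."""
    return max(actions, key=lambda a: SEVERITY[a])

def target_key(flow, target):
    """Build the filter key for a flow according to the target option.
    flow = (src_zone, src_addr, src_port, dst_addr, dst_port, proto)  # assumed layout
    """
    src_zone, src, sport, dst, dport, proto = flow
    if proto == "icmp":
        dport = 0  # documented: destination port is 0 for ICMP flows
    keys = {
        "destination-address": (dst,),
        "service": (src, sport, dst, dport),  # the documented default
        "source-address": (src,),
        "source-zone": (src_zone,),
        "source-zone-address": (src_zone, src),
        "zone-service": (src_zone, dst, dport, proto),
    }
    return keys[target]

@dataclass
class IpActionFilter:
    action: str
    target: str
    key: tuple
    timeout: int       # seconds the filter stays in effect (assumed > 0 here)
    expires: int       # absolute time at which the filter lapses
    refresh_timeout: bool = False

def install(action, flow, now, target="service", timeout=60, refresh_timeout=False):
    """Install a filter for the attack flow that matched a rule."""
    return IpActionFilter(action, target, target_key(flow, target),
                          timeout, now + timeout, refresh_timeout)

def lookup(filters, flow, now):
    """Return the action for a future flow, or None when no live filter matches.
    Expired filters are ignored, matched filters with refresh-timeout get a new
    expiry, and the most severe action among all matches wins."""
    hits = [f for f in filters
            if f.expires > now and f.key == target_key(flow, f.target)]
    if not hits:
        return None
    for f in hits:
        if f.refresh_timeout:
            f.expires = now + f.timeout
    return most_severe(f.action for f in hits)
```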

Required Privilege Level

security—To view this statement in the configuration.

security-control—To add this statement to the configuration.

Release Information

Statement introduced in Junos OS Release 9.2.

Options log-create, refresh-timeout, and ip-connection-rate-limit introduced in Junos OS Release 10.2.

Note:

For ICMP flows, the destination port is 0; therefore, any ICMP flow matching source port, source address, and destination address is blocked.