rulebase-ips
Syntax
rulebase-ips {
rule (Security IPS Rulebase) rule-name {
description text;
match (Security IDP Policy) {
application (application-name | any | default);
attacks (Security IPS Rulebase) {
custom-attack-groups [attack-group-name];
custom-attacks [attack-name];
dynamic-attack-groups [attack-group-name];
predefined-attack-groups [attack-group-name];
predefined-attacks [attack-name];
}
destination-address (Security IDP Policy) ([address-name] | any | any-ipv4 | any-ipv6);
destination-except [address-name];
from-zone (zone-name | any );
source-address ([address-name] | any | any-ipv4 | any-ipv6);
source-except [address-name];
to-zone (zone-name | any);
}
terminal;
then {
action {
class-of-service {
dscp-code-point number;
forwarding-class forwarding-class;
}
(close-client | close-client-and-server | close-server |drop-connection | drop-packet | ignore-connection | mark-diffserv value | no-action | recommended);
}
ip-action (Security IDP Rulebase IPS) {
(ip-block | ip-close | ip-notify);
log;
log-create;
refresh-timeout;
target (destination-address | service | source-address | source-zone | source-zone-address | zone-service);
timeout seconds;
}
notification {
log-attacks {
alert;
}
packet-log (Security IDP Sensor Configuration) {
post-attack number;
post-attack-timeout seconds;
pre-attack number;
}
}
severity (critical | info | major | minor | warning);
}
}
}
Hierarchy Level
[edit security idp idp-policy policy-name]
Description
Configure the IPS rulebase to detect attacks based on stateful signature and protocol anomalies.
Options
The remaining statements are explained separately. See CLI Explorer.
Required Privilege Level
security—To view this statement in the configuration.
security-control—To add this statement to the configuration.
Release Information
Statement introduced in Junos OS Release 9.2.