ip anomaly-drop

Set IP anomaly drop policy

anomaly-drop Specification

Type Configuration Resource
Element Name anomaly-drop
Element URI /axapi/v3/ip/anomaly-drop
Element Attributes anomaly-drop_attributes
Statistics Data URI /axapi/v3/ip/anomaly-drop/stats
Schema anomaly-drop schema

Operations Allowed:

Operation Method URI Payload

Create Object

POST

/axapi/v3/ip/anomaly-drop

anomaly-drop Attributes

Get Object

GET

/axapi/v3/ip/anomaly-drop

anomaly-drop Attributes

Modify Object

POST

/axapi/v3/ip/anomaly-drop

anomaly-drop Attributes

Replace Object

PUT

/axapi/v3/ip/anomaly-drop

anomaly-drop Attributes

Delete Object

DELETE

/axapi/v3/ip/anomaly-drop

anomaly-drop Attributes

Get Stats

GET

/axapi/v3/ip/anomaly-drop/stats

stats data

anomaly-drop Attributes

bad-content

Description: bad content threshold (threshold value)

Type: number

Range: 1-127

drop-all

Description: drop all IP anomaly packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

frag

Description: drop all fragmented packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

ip-option

Description: drop packets with IP options

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

land-attack

Description: drop IP packets with the same source and destination addresses

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

out-of-sequence

Description: out of sequence packet threshold (threshold value)

Type: number

Range: 1-127

packet-deformity

Description: packet-deformity is a JSON Block . Please see below for packet-deformity

Type: Object

ping-of-death

Description: drop oversize ICMP packets

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sampling-enable

Description: sampling-enable is a JSON List . Please see below for sampling-enable

Type: List

security-attack

Description: security-attack is a JSON Block . Please see below for security-attack

Type: Object

tcp-no-flag

Description: drop TCP packets with no flag

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-syn-fin

Description: drop TCP packets with both syn and fin flags set

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

tcp-syn-frag

Description: drop fragmented TCP packets with syn flag set

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

uuid

Description: uuid of the object

Type: string

zero-window

Description: zero window size threshold (threshold value)

Type: number

Range: 1-127

security-attack

Specification
Type object

security-attack-layer-3

Description: drop packets with layer 3 anomaly

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

security-attack-layer-4

Description: drop packets with layer 4 anomaly

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

packet-deformity

Specification
Type object

packet-deformity-layer-3

Description: drop packets with layer 3 anomaly

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

packet-deformity-layer-4

Description: drop packets with layer 4 anomaly

Type: boolean

Supported Values: true, false, 1, 0

Default: 0

sampling-enable

Specification
Type list
Block object keys

counters1

Description: ‘all’: all; ‘land’: land; ‘emp_frg’: emp_frg; ‘emp_mic_frg’: emp_mic_frg; ‘opt’: opt; ‘frg’: frg; ‘bad_ip_hdrlen’: bad_ip_hdrlen; ‘bad_ip_flg’: bad_ip_flg; ‘bad_ip_ttl’: bad_ip_ttl; ‘no_ip_payload’: no_ip_payload; ‘over_ip_payload’: over_ip_payload; ‘bad_ip_payload_len’: bad_ip_payload_len; ‘bad_ip_frg_offset’: bad_ip_frg_offset; ‘csum’: csum; ‘pod’: pod; ‘bad_tcp_urg_offset’: bad_tcp_urg_offset; ‘tcp_sht_hdr’: tcp_sht_hdr; ‘tcp_bad_iplen’: tcp_bad_iplen; ‘tcp_null_frg’: tcp_null_frg; ‘tcp_null_scan’: tcp_null_scan; ‘tcp_syn_fin’: tcp_syn_fin; ‘tcp_xmas’: tcp_xmas; ‘tcp_xmas_scan’: tcp_xmas_scan; ‘tcp_syn_frg’: tcp_syn_frg; ‘tcp_frg_hdr’: tcp_frg_hdr; ‘tcp_bad_csum’: tcp_bad_csum; ‘udp_srt_hdr’: udp_srt_hdr; ‘udp_bad_len’: udp_bad_len; ‘udp_kerb_frg’: udp_kerb_frg; ‘udp_port_lb’: udp_port_lb; ‘udp_bad_csum’: udp_bad_csum; ‘runt_ip_hdr’: runt_ip_hdr; ‘runt_tcp_udp_hdr’: runt_tcp_udp_hdr; ‘ipip_tnl_msmtch’: ipip_tnl_msmtch; ‘tcp_opt_err’: tcp_opt_err; ‘ipip_tnl_err’: ipip_tnl_err; ‘vxlan_err’: vxlan_err; ‘nvgre_err’: nvgre_err; ‘gre_pptp_err’: gre_pptp_err;

Type: string

Supported Values: all, land, emp_frg, emp_mic_frg, opt, frg, bad_ip_hdrlen, bad_ip_flg, bad_ip_ttl, no_ip_payload, over_ip_payload, bad_ip_payload_len, bad_ip_frg_offset, csum, pod, bad_tcp_urg_offset, tcp_sht_hdr, tcp_bad_iplen, tcp_null_frg, tcp_null_scan, tcp_syn_fin, tcp_xmas, tcp_xmas_scan, tcp_syn_frg, tcp_frg_hdr, tcp_bad_csum, udp_srt_hdr, udp_bad_len, udp_kerb_frg, udp_port_lb, udp_bad_csum, runt_ip_hdr, runt_tcp_udp_hdr, ipip_tnl_msmtch, tcp_opt_err, ipip_tnl_err, vxlan_err, nvgre_err, gre_pptp_err

stats data

Counter Size Description
tcp_frg_hdr 8 tcp_frg_hdr
tcp_null_frg 8 tcp_null_frg
over_ip_payload 8 over_ip_payload
udp_bad_csum 8 udp_bad_csum
nvgre_err 8 nvgre_err
tcp_syn_fin 8 tcp_syn_fin
udp_kerb_frg 8 udp_kerb_frg
tcp_syn_frg 8 tcp_syn_frg
tcp_bad_iplen 8 tcp_bad_iplen
ipip_tnl_err 8 ipip_tnl_err
csum 8 csum
tcp_xmas 8 tcp_xmas
pod 8 pod
tcp_bad_csum 8 tcp_bad_csum
emp_frg 8 emp_frg
frg 8 frg
bad_ip_ttl 8 bad_ip_ttl
bad_ip_frg_offset 8 bad_ip_frg_offset
tcp_sht_hdr 8 tcp_sht_hdr
tcp_xmas_scan 8 tcp_xmas_scan
no_ip_payload 8 no_ip_payload
udp_bad_len 8 udp_bad_len
opt 8 opt
vxlan_err 8 vxlan_err
bad_ip_payload_len 8 bad_ip_payload_len
runt_ip_hdr 8 runt_ip_hdr
runt_tcp_udp_hdr 8 runt_tcp_udp_hdr
emp_mic_frg 8 emp_mic_frg
bad_ip_hdrlen 8 bad_ip_hdrlen
tcp_null_scan 8 tcp_null_scan
land 8 land
tcp_opt_err 8 tcp_opt_err
bad_ip_flg 8 bad_ip_flg
udp_srt_hdr 8 udp_srt_hdr
udp_port_lb 8 udp_port_lb
bad_tcp_urg_offset 8 bad_tcp_urg_offset
gre_pptp_err 8 gre_pptp_err
ipip_tnl_msmtch 8 ipip_tnl_msmtch