ip blacklist packet permit

Function

The ip blacklist packet permit command allows packets that are filtered out by the blacklist to be sent to the protocol stack.

The undo ip blacklist packet permit command prevents packets that are filtered out by the blacklist from being sent to the protocol stack.

By default, packets that are filtered out by the blacklist are not sent to the protocol stack.

Format

ip blacklist packet permit

undo ip blacklist packet permit

Parameters

None

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name Operations
ip-stack write

Usage Guidelines

Usage Scenario

After an ACL is configured for a service (for example, the snmp-agent acl command is configured for SNMP or the telnet server acl command is configured for Telnet), TCP or UDP packets may be denied by that ACL. The ip blacklist packet permit command and its undo form control whether the system replies to the source end of such denied packets.

Configuration Impact

After the ip blacklist packet permit command is run, the system will reply with specific packets to the source end based on the type of packet denied by the system.

  • If TCP packets are denied, the system will reply with TCP-RST packets to the source end.
  • If UDP packets are denied, the system will reply with port unreachable packets to the source end.

Example

# Disable the system from replying with packets to the source end.
<HUAWEI> system-view
[~HUAWEI] undo ip blacklist packet permit
# Enable the system to reply with packets to the source end.
<HUAWEI> system-view
[~HUAWEI] ip blacklist packet permit
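
An added example, not from the vendor documentation: a Python check that reads a saved configuration and reports which behaviour from Configuration Impact applies to TCP and UDP packets denied by a service ACL. The function name, the result keys and the sample configuration (including ACL number 2001) are assumptions made for illustration.

```python
import re

# Service-ACL bindings named on this page; extend the pattern for other services.
SERVICE_ACL_RE = re.compile(r"^(snmp-agent acl|telnet server acl)\s+(\S+)")
PERMIT_CMD = "ip blacklist packet permit"

def audit_blacklist_reply(config_text):
    """Return the effective reply behaviour for ACL-denied TCP/UDP packets."""
    reply_enabled = False  # documented default: denied packets do not reach the stack
    service_acls = []
    for raw in config_text.splitlines():
        line = " ".join(raw.split())  # normalise indentation and spacing
        if not line or line.startswith("#"):
            continue
        if line == PERMIT_CMD:
            reply_enabled = True
        elif line == "undo " + PERMIT_CMD:
            reply_enabled = False  # a later undo overrides an earlier enable
        else:
            m = SERVICE_ACL_RE.match(line)
            if m:
                service_acls.append((m.group(1), m.group(2)))
    return {
        "reply_enabled": reply_enabled,
        "service_acls": service_acls,
        "denied_tcp": "TCP-RST" if reply_enabled else "no reply",
        "denied_udp": "port unreachable" if reply_enabled else "no reply",
        # Flag configurations where denied sources still receive a reply.
        "finding": reply_enabled and bool(service_acls),
    }

# Constructed sample configuration (not taken from a real device).
SAMPLE_CONFIG = """\
#
sysname HUAWEI
#
snmp-agent acl 2001
telnet server acl 2001
#
ip blacklist packet permit
#
"""

if __name__ == "__main__":
    for key, value in audit_blacklist_reply(SAMPLE_CONFIG).items():
        print(f"{key}: {value}")
```
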
Copyright © Huawei Technologies Co., Ltd.