nat flow-defend reverse-blacklist disable

Function

The nat flow-defend reverse-blacklist disable command disables the blacklist on a new flow from the public network to the private network.

The undo nat flow-defend reverse-blacklist disable command enables the blacklist on a new flow from the public network to the private network.

By default, the blacklist function is disabled on the device.

This command is supported only on the NetEngine 8000 F1A.

Format

nat flow-defend reverse-blacklist disable

undo nat flow-defend reverse-blacklist disable

Parameters

None

Views

System view

Default Level

2: Configuration level

Task Name and Operations

Task Name    Operations
nat          write

Usage Guidelines

Usage Scenario

If no internal server is configured, or if no session table entry can be found on the NAT device for public network traffic, the NAT device treats public network-to-private network traffic that reaches a specified rate threshold as attack traffic. This function defends against attacks that send first packets to a specified public IP address, public port number, or protocol. Such attacks cause high CPU usage, which adversely affects normal traffic. If public attack traffic is transmitted continuously, enable the NAT blacklist function.
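The following is an illustrative model of the behaviour described above, added here as an example; it is not Huawei's implementation. It shows how many unmatched first packets still reach the lookup path with the blacklist enabled versus disabled. The threshold, window, class and function names, and the sample traffic are all assumptions constructed for the example.

```python
from collections import defaultdict

# Hypothetical values: the page does not state the threshold or the window.
RATE_THRESHOLD = 100    # first packets per key per window
WINDOW_SECONDS = 1.0

class ReverseFlowDefend:
    """Toy model of rate-based blacklisting of public-to-private first packets."""

    def __init__(self, blacklist_enabled, sessions=(), internal_servers=()):
        self.blacklist_enabled = blacklist_enabled
        self.sessions = set(sessions)                  # keys with a session table entry
        self.internal_servers = set(internal_servers)  # keys mapped to an internal server
        self.counts = defaultdict(int)                 # (key, window) -> first packets seen
        self.blacklist = set()

    def handle(self, ts, pub_ip, pub_port, proto):
        """Return 'forward', 'miss' (lookup failed, costs CPU) or 'drop'."""
        key = (pub_ip, pub_port, proto)
        if key in self.sessions or key in self.internal_servers:
            return "forward"
        if self.blacklist_enabled and key in self.blacklist:
            return "drop"                              # discarded before the lookup path
        window = int(ts // WINDOW_SECONDS)
        self.counts[(key, window)] += 1
        if self.blacklist_enabled and self.counts[(key, window)] >= RATE_THRESHOLD:
            self.blacklist.add(key)                    # rate threshold reached
        return "miss"

def replay(blacklist_enabled):
    """Replay constructed traffic and count the outcome of each packet."""
    fd = ReverseFlowDefend(blacklist_enabled,
                           sessions={("203.0.113.10", 40000, "tcp")})
    outcome = defaultdict(int)
    # Constructed sample: 500 unsolicited UDP first packets within 0.5 s ...
    for i in range(500):
        outcome[fd.handle(i * 0.001, "203.0.113.10", 53, "udp")] += 1
    # ... plus 20 packets that match an existing TCP session.
    for i in range(20):
        outcome[fd.handle(i * 0.01, "203.0.113.10", 40000, "tcp")] += 1
    return dict(outcome)

if __name__ == "__main__":
    print("blacklist enabled :", replay(True))
    print("blacklist disabled:", replay(False))
```

In this model, traffic that matches a session entry is forwarded in both cases; only the unmatched flow is affected by the setting.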

Precautions

In VS mode, this command is supported only by the admin VS.

Example

# Disable the blacklist on a new flow from the public network to the private network on the NAT service board.
<HUAWEI> system-view
[~HUAWEI] nat flow-defend reverse-blacklist disable
Copyright © Huawei Technologies Co., Ltd.