What can I do with excess ACL rules used by a blacklist in local attack defense


Excess ACL rules used by a blacklist do not take effect.

Other related questions:
In local anti-attack, if the ACL rules applied to a blacklist exceed specifications, how to process the excess
The ACL rules that exceed specifications do not continue to take effect in a blacklist.

Configure attack defense on an AR router
Attack defense mainly defends the CPU against attack packets to ensure that the server can normally run in case of an attack. Attack defense configuration is composed of the following parts: enabling attack defense, (optional) configuring flooding defense parameters, super-large ICMP packet defense parameters, and scan attack defense parameters, and checking configuration result. By default, no type of attack defense is enabled. For details about how to configure attack defense of AR series routers using command lines and through the web NMS, see the URL: AR router configuration attack defense .

Matching rules of ACL
The display order of ACL rules determines the ACL matching principles. During ACL matching, a look-up is performed from the first rule displayed in the ACL. When one rule matches, the look-up is completed. The earlier a rule is displayed, the easier for it to be matched. The factors that determine the display order are the rule ID and matching methods. Matching methods include matching in configuration order or in automatic order. If the configuration order is used, the matching will be performed according to the order in which the ACL rules are configured. Rule IDs can be set by users, or can be automatically generated by the system based on the step, which is convenient for rule maintenance and insertion of new rules. For example, the default step of ACL is 5. If the user does not set a rule ID, the first rule ID automatically generated by the system is 5. When the user needs to insert a new rule before rule 5, a rule ID smaller than 5 can be set. The new rule now is the first rule. If the automatic order is used, the system automatically generates rule IDs, and ranks the rules with the highest precision to the top of the list. This can be achieved by comparing the length of the wildcard characters of addresses. The shorter the length is, the smaller the assigned NE range is.

If you have more questions, you can seek help from following ways:
To iKnow To Live Chat
Scroll to top