Hello, friend.
First, you can run the firewall blacklist enable command to enable the firewall blacklist function. Then you can run the firewall blacklist item command, this command is used to add source IP addresses carrying distrustful packets to the blacklist. When you need to mask packets from users with malicious behaviors, run this command. After an IP address is added to the blacklist successfully, packets from the IP address will be discarded.
NOTE:
When the blacklist function is enabled, the blacklist table is null. Run firewall blacklist item command to add source IP addresses to be filtered.
When you configure the IP address of the firewall blocklist item command, the IP address must be in the format of IPv4 address format, dotted decimal notation.
You can configure the timeout parameter of the firewall blacklist item command, which indicates the aging time. It refers to the duration that an IP address takes effect after it is added to the blacklist. When the time an IP address is added to the blacklist exceeds the aging time, the IP address is released from the blacklist. If you do not specify an aging time, the items in the blacklist cannot become invalid automatically.
Thanks.