Configuring the address object group blacklist
The address object group blacklist feature filters packets sourced from the subnets specified in the blacklisted address object group.
An address object group can only be manually added to or deleted from the blacklist.
The address object group blacklist feature must be used together with the address object group feature. For more information about address object groups, see "Configuring object groups."
The address object group blacklist is independent of the attack defense policy.
To configure the address object group blacklist:
Step | Command | Remarks |
---|---|---|
1. Enter system view. | system-view | N/A |
2. (Optional.) Enable the global blacklist feature. | blacklist global enable | By default, the global blacklist feature is disabled. |
3. Add an address object group to the blacklist. | blacklist object-group object-group-name | By default, no address object group is added to the blacklist. |
4. Enter interface view. | interface interface-type interface-number | N/A |
5. Enable the blacklist feature on the interface. | blacklist enable | By default, the blacklist feature is disabled on the interface. |