Address object group blacklist configuration example
Network requirements
As shown in Figure 191, configure the address object group blacklist feature on the router to block all packets from subnet 5.5.5.0/24 to prevent attacks from the subnet.
Figure 186: Network diagram
Configuration procedure
# Configure IP addresses for the interfaces on the router. (Details not shown.)
# Enable the global blacklist feature.
<Router> system-view [Router] blacklist global enable
# Create IPv4 address object group obj1. Configure an IPv4 address object with subnet 5.5.5.0/24.
[Router] object-group ip address obj1 [Router-obj-grp-ip-obj1] network subnet 5.5.5.0 24 [Router] quit
# Add IPv4 address object group obj1 to the blacklist.
[Router] blacklist object-group obj1
Verifying the configuration
# Verify that the router drops all packets from subnet 5.5.5.0/24 unless you execute the undo blacklist object-group obj1 command on the router. (Details not shown.)