Applying an attack defense policy to the device
An attack defense policy applied to the device itself rather than the interfaces detects packets destined for the device and prevents attacks targeted at the device.
The device uses hardware to implement packet forwarding and uses software to process packets if the packets are destined for the device. The software does not provide any attack defense features, so you must apply an attack defense policy to the device to prevent attacks aimed at the device.
If a device and its interfaces have attack defense policies applied, a packet destined for the device is processed as follows:
The policy applied to the receiving interface processes the packet.
If the packet is not dropped by the receiving interface, the policy applied to the device processes the packet.
To apply an attack defense policy to the device:
Step | Command | Remarks |
|---|---|---|
1. Enter system view. | system-view | N/A |
2. Apply an attack defense policy to the device. | attack-defense local apply policy policy-name | By default, no attack defense policy is applied to the device. |