IP blacklist configuration example
Network requirements
As shown in Figure 125, configure the IP blacklist feature on the device to block packets from the attacker Host D permanently and from Host C for 50 minutes.
Figure 124: Network diagram
Configuration procedure
# Configure IP addresses for the interfaces on the device. (Details not shown.)
# Enable the global blacklist feature.
<Device> system-view
[Device] blacklist global enable
# Add an IPv4 blacklist entry for Host D.
[Device] blacklist ip 5.5.5.5
# Add an IPv4 blacklist entry for Host C and set the blacklist entry aging time to 50 minutes.
[Device] blacklist ip 192.168.1.4 timeout 50
Verifying the configuration
# Verify that the IPv4 blacklist entries are successfully added.
<Device> display blacklist ip
IP address      VPN instance   DS-Lite tunnel peer  Type    TTL(sec) Dropped
5.5.5.5         --             --                   Manual  Never    0
192.168.1.4     --             --                   Manual  2989     0
# Verify that the device drops packets from Host D. (Details not shown.)
# Execute the undo blacklist ip 5.5.5.5 command and verify that the device forwards packets from Host D. (Details not shown.)
# Verify that the device drops packets from Host C for 50 minutes and forwards packets from Host C after 50 minutes. (Details not shown.)