This section describes how to create a hardware filter and associate the filter with a Zone for the cleaning device to perform static filtering on the traffic destined for the Zone.
Hardware Filter Types
The AntiDDoS provides five types of hardware filters, including protocol ID, ICMP, TCP, UDP, and IP filters. For details, see Table 1.
Each device supports a maximum of 32 hardware filters.
| Protocol | Filtering Content |
|---|---|
| User-defined protocol ID | Source IP address, destination IP address, and packet length |
| IP protocol | Source IP address, destination IP address, and packet length |
| TCP hardware protocol | Source IP address, destination IP address, packet length, source port, destination port, packet length, and TCP flag |
| UDP hardware protocol | Source IP address, destination IP address, packet length, source port, and destination port |
| ICMP hardware protocol | Source IP address, destination IP address, and packet length |
Hardware Filter Template
The ATIC management center provides 22 common hardware filter templates by default.
| Chargen_Amplification_Attack | Chargen amplification attack |
| SNMP_Amplification_Attack | SNMP amplification attack |
| TFTP_Amplification_AttackTFTP | TFTP amplification attack |
| NTP_Amplification_Attack | NTP amplification attack |
| NetBIOS_Amplification_Attack | NetBIOS amplification attack |
| SSDP_Amplification_Attack | SSDP amplification attack |
| QOTD_Amplification_Attack | QOTD amplification attack |
| Quake_Network_Protocol_Amplification_Attack | Quake amplification attack |
| Steam_Protocol_Amplification_Attack | Stream amplification attack |
| Portmapper_Amplification_Attack | Portmapper amplification attack |
| Microsoft_SQL_Resolution_Service_Amplification_Attack | SQL amplification attack |
| RIPV1_Amplification_Attack | RIPV1 amplification attack |
| Sentinel_Amplification_Attack | Sentinel amplification attack |
| LDAP_Amplification_Attack | LDAP amplification attack |
| QUIC_Amplification_Attack | QUIC amplification attack |
| mDNS_Amplification_Attack | mDNS amplification attack |
| Memcached_Amplification_Attack | Memcached amplification attack |
| SYN-ACK_Attack | Attack using SYN-ACK packets |
| SYN-Large_Attack | Attack using large SYN packets |
| SYN-Short_Attack | Attack using small SYN packets |
| IPMI_Amplification_Attack | IPMI amplification attack |
| CoAP_Amplification_Attack | CoAP amplification attack |
You can edit or delete templates as required.
Hardware Filter Matching Sequence
Hardware filters in the list are matched top down. After a matching hardware filter is found, the action defined in the hardware filter is executed, and the matching ends. If no match is found, hardware filters are matched top down again.
Management Operations
Choose to configure a hardware filter.
| Operation | Description |
|---|---|
Create |
Click |
Modify |
Click |
Delete |
Select the check box for the hardware filter and click |
Search |
Enter part of a hardware filter name or the full name in Name and click |
