Adding a Hardware Filter

Hardware filters of five protocol types are supported, and static filtering is implemented through defining rules and matching actions. When creating a hardware filter, you can directly associate it with a Zone.

Procedure

  1. Choose Defense > Policy Settings > Filter > Hardware Filter.
  2. Click .
  3. On the Basic Information tab, configure basic information about the hardware filter. Table 1 describes the parameters. For details on the rules, see Table 2.

    Table 1 Basic information about the hardware filter
    Parameter Description

    Name

    Indicates the name of a hardware filter.

    The value is a unique string of 1 to 32 case-insensitive letters, digits, and underscores (_).

    Protocol

    Indicates the protocol type.

    The type can be Protocol ID, ICMP, TCP, UDP, and IP. If you select Protocol ID, the text box for entering the protocol ID is displayed. Each ID corresponds to a protocol and ranges from 0 to 255.

    Operation

    Indicates the action, which can be discard and rate limit.

    Rate threshold (Kbps)

    Indicates the rate threshold, which needs to be set when the action is rate limit.

    NOTICE:
    The rate limit unit is an NP chip.

    Click the Rule tab and set rule parameters.

    Table 2 Hardware filter rule
    Parameter Description

    Source IP address

    Indicates the source IP address, which can be an IPv4 address.

    Destination IP address

    Indicates the destination IP address, which can be an IPv4 address.

    Source port

    Indicates the source port, which can be a value or range.

    Destination Port

    Indicates the destination port, which can be a value or range.

    Packet length threshold/range (byte)

    Indicates the packet length range, for example, 100-200.

    TCP Flag

    This parameter is optional and empty by default. The first item in the drop-down list box indicates the default value.

  4. Bind a Zone to the hardware filter.
    1. Click the Associate Device tab.
    2. Click , select a Zone, and click OK.

      Only the Zones whose Deployment Status is Succeeded are displayed on the page. Ensure that the Zone to be bound has been deployed.

  5. Click Deploy.

    • When the Device is associated with the hardware filterand you click Deploy, the hardware filter is deployed on the AntiDDoS and configurations take effect.
    • If only a hardware filter is created and no Zone is associated, after you click Deploy, the hardware filter configuration is saved in the ATIC management center. The hardware filter takes effect only after it is associated with the Zone and deployed again.

Parent topic: Configuring a Hardware Filter (AntiDDoS)
Copyright © Huawei Technologies Co., Ltd.