Controls the IP blacklist in SecureXL. The blacklist blocks all traffic to and from the specified IP addresses.
The blacklist drops occur in SecureXL, which is more efficient than an Access Control Policy to drop the packets.
This can be very helpful e.g. with DoS attacks to block an IP on SecureXL level.
For example, the traffic from and to IP 184.108.40.206 should be blocked at SecureXL level.
On gateway set the IP 220.127.116.11 to Secure XL blacklist:
# fwaccel dos blacklist -a 18.104.22.168
On gateway displays all IP's on the SecureXL blacklist:
# fwaccel dos blacklist -s
On gateway delete the IP 22.214.171.124 from Secure XL blacklist:
# fwaccel dos blacklist -d 126.96.36.199
Very nice new function in R80.20!
Furthermore there are also the Penalty Box whitelist in SecureXL.
The SecureXL Penalty Box is a mechanism that performs an early drop of packets that arrive from suspected sources. The purpose of this feature is to allow the Security Gateway to cope better under high traffic load, possibly caused by a DoS/DDoS attack. The SecureXL Penalty Box detects clients that sends packets, which the Access Control Policy drops, and clients that violate the IPS protections. If the SecureXL Penalty Box detect a specific client frequently, it puts that client in a penalty box. From that point, SecureXL drops all packets that arrive from the blocked source IP address. The Penalty Box whitelist in SecureXL lets you configure the source IP addresses, which the SecureXL Penalty Box never blocks.
More under this link:
Command Line Interface R80.20 Reference Guide
➜ CCSM Elite, CCME, CCTE