Does anyone have an example of the syntax to block a port using the fw sam command?
I use these already.
Block src or dst of 188.8.131.52
fw sam -v -l long_noalert -J any 184.108.40.206
Block any src/dst for 220.127.116.11/24
fw sam -v -l long_noalert -J subany 18.104.22.168 255.255.255.0
Cancel a block for a subnet 22.214.171.124/26
fw sam -v -C -J subany 126.96.36.199 255.255.255.192
My best guess is to block port udp/11211
fw sam -v -J dstpr any udp/11211
I am willing to bet that that is not right. Anyone blocked a UDP port before?
Mario Cantu has been trying to find the right combination. It appears to be this format. From Mario yesterday:
fw sam -f localhost -t 3600 -I srvpr 161 UDP
This is for a rule that will last 3600 seconds, service UDP and port 161
I would recommend using fw samp instead of fw sam.
fw samp is SecureXL friendly, whereas fw sam is not.
More details about the mechanism here: How to configure Rate Limiting rules for DoS Mitigation
I believe the correct command line to achieve this is (assuming you want to block UDP port 11211 on any IP):
fw samp add -t 3600 -a d -r 17 -p 11211