Create a Post
cancel
Showing results for 
Search instead for 
Did you mean: 
NeTunnel
Explorer

R80.40 -fwaccel dos blacklist-Questions

Hello,

I want to using the fwaccel dos blacklist command, and I have some questions 

1. Max length command : 

I generate with python script the next command:

fwaccel dos blacklist -a 1.2.3.4 -a 1.2.3.5 -a 8.8.8.8 -a 8.8.8.9 .......

(for block many  IP address on one CLI command )

What is the maximum length/characters that I can put on one line command ?

2.show config-state:

I check the config state after run the fwaccel dos blacklist command ,

I found that the config state is always in :"saved" .

from my conclusions there is no need to run save command after the  fwaccel dos blacklist command, am I right ?

2.Blacklist survey reboot:

The blacklist is delete after the FW is performed a reset/reboot ?

 

0 Kudos
3 Replies
PhoneBoy
Admin
Admin

I believe clish has a limit, but not sure on the exact number of characters.
Expert mode likely has a much higher limit (depends on the bash shell).
Note: for a particularly large number of IPs, you can load the IPs from a file.
See: https://supportcenter.checkpoint.com/supportcenter/portal?eventSubmit_doGoviewsolutiondetails=&solut... 

Configuration automatically saved: it depends.
Refer to the above SK for details.

Blacklist: cleared on reboot.
However, the above SK talks about a way to preload the blacklist.

Put IPs in a file and load it with fwaccel batch load option (-l). Place the command in $FWDIR/conf/fwaccel_dos_rate_on_install and it will be re-loaded on boot.

NeTunnel
Explorer

Hello, Thank for help.

I  accept You are advice and run the command from the Expert mode.

My specific scenario to load TEXT file is not good, Only to Block IP with CLI command 

I will try to run the command: "fwaccel dos blacklist -a 1.2.3.4 -a 1.2.3.5 -a 8.8.8.8 -a 8.8.8.9 ....... " from GW and check the maximum characters length

0 Kudos