Hello,
In order to protect ourself from DOS traffic towards our DNS servers, we try to install command similar to the following on our checkpoint security gateway.
Security gateway cluster, R81.20.
fwaccel6 dos rate add -l a -a d -n "DNSintProtectRateIPv6" destination range:xyz1:620:40z:2:0:0:0:110-xyz1:620:40z:2:0:0:0:111 service 17/53 new-conn-rate 250 track source
ERROR: address is too long
ERROR: invalid begin
ERROR: Bad destination 'range:xyz1:620:40z:2:0:0:0:110-xyz1:620:40z:2:0:0:0:111'
We tried with various IPv6 notation, short notation, fully expanded notation, same result.
We tried also with the destination as cidr, with or without mask, same result.
In the documentation and in the forum we could not find examples with the correct notation.
Can we use this command for IPv6? Do you have anexample of a correct syntax for the IPv6 address?
Thanks for you
Christophe