The Dynamic Blacklist (DBL) Policer Profile is a collection of DBL policers applied to restrict traffic from endpoints/peers based on specific events, such as receiving excessive traffic from these entities. Dynamic blacklisting is used more as a mechanism to deal with misbehaving entities rather than preventing malicious attacks.
% set profiles services dblProfile <DBL Profile name> rule <rule name> action <blacklist | watch> actionEffectivePeriod <60-86400 seconds> event <badSipMessage | epCacAggrReject | sipRegistrationFailure> eventPerDayThreshold <0-86400> state <disabled | enabled> state <disabled | enabled> type <sip>
The DBL Profile parameters are described in the table below:
The following example sets DBL profile named "DBP-1" with a rule (named "RULE-1) to watch SIP endpoints every 60 seconds for a bad SIP message. If the number of events per day to be used as a token bucket policer fill rate is 13.
% set profiles services dblProfile DBP-1 rule RULE-1 action watch actionEffectivePeriod 60 event badSipMessage eventPerDayThreshold 13 state enabled % show profiles services dblProfile DBP-1 rule RULE-1 { state enabled; event badSipMessage; action watch; eventPerDayThreshold 13; actionEffectivePeriod 60;