Block/Detect black list

IP/domain/url/ssl server_name Block/Detect Sample

Config XML

send syslog to log server 192.168.1.12:514 if block/detect happened

<configSet reboot="no">
    <log>
        <syslog>
            <enable>True</enable>
            <port>M0</port>
            <target>
                <enable>True</enable>
                <dip>192.168.1.12</dip>
                <dport>514</dport>
                <interfaces>P6,P7</interfaces>
                <filter></filter>
                <type>matched</type>
                <subtype>
                    <sip>True</sip>
                    <dip>True</dip>
                    <sport>True</sport>
                    <dport>True</dport>
                    <protocol>True</protocol>
                    <find_id>True</find_id>
                    <find_content>True</find_content>
                </subtype>
            </target>
        </syslog>
    </log>
</configSet>

ARRAY NTB XML (black list sample)

<run>
    <filter id="10000" sessionBase="yes" matchedlog="yes">
        <or>
            <find id="10000" name="ip.addr" relation="==" content="8.8.8.8"/>
        </or>
    </filter>
    <filter id="10001" sessionBase="no" matchedlog="yes">
        <or>
            <find id="10002" name="dns.qry.name" relation="==" content="www.cittv.com.tw"/>
        </or>
    </filter>
    <filter id="10002" sessionBase="no" matchedlog="yes">
        <or>
            <find id="10004" name="http.request.url" relation="==" content="www.whitehollowtransport.com/current-elliott-c-89.html" />
        </or>
    </filter>
    <filter id="10003" sessionBase="no" matchedlog="yes">
        <or>
            <find id="10005" name="ssl.server_name" relation="==" content="facebook.com" />
        </or>
    </filter>
    <filter id="10004" sessionBase="no" matchedlog="yes">
        <or>
            <find id="10006" name="ssl.server_name_public_suffix" relation="==" content=" *.googlevideo.com" />
        </or>
    </filter>
</run>

ARRAY NTB XML(block sample)

<run>
    <chain>
        <in>P6</in>
        <fid>F10000,F10001,F10002,F10003,F10004</fid>
        <out>0</out>
        <next type=”notmatch”>
            <out>P7</out>
        </next>
    </chain>
    <chain>
        <in>P7</in>
        <fid>F10000,F10001,F10002,F10003,F10004</fid>
        <out>0</out>
        <next type=”notmatch”>
            <out>P6</out>
        </next>
    </chain>
</run>

ARRAY NTB XML(detect sample)

<run>
    <chain>
        <in>P6</in>
        <out>P7</out>
    </chain>
    <chain>
        <in>P7</in>
        <out>P6</out>
    </chain>
    <chain>
        <in>P6,P7</in>
        <fid>F10000,F10001,F10002,F10003,F10004</fid>
        <out>0</out>
    </chain>
</run>

PreviousBlock Specific Country NextMobile Edge Computing Breakout

Last updated 1 year ago

<configSet reboot="no"> <log> <syslog> <enable>True</enable> <port>M0</port> <target> <enable>True</enable> <dip>192.168.1.12</dip> <dport>514</dport> <interfaces>P6,P7</interfaces> <filter></filter> <type>matched</type> <subtype> <sip>True</sip> <dip>True</dip> <sport>True</sport> <dport>True</dport> <protocol>True</protocol> <find_id>True</find_id> <find_content>True</find_content> </subtype> </target> </syslog> </log> </configSet>

<run> <chain> <in>P6</in> <fid>F10000,F10001,F10002,F10003,F10004</fid> <out>0</out> <next type=”notmatch”> <out>P7</out> </next> </chain> <chain> <in>P7</in> <fid>F10000,F10001,F10002,F10003,F10004</fid> <out>0</out> <next type=”notmatch”> <out>P6</out> </next> </chain> </run>

<run> <chain> <in>P6</in> <out>P7</out> </chain> <chain> <in>P7</in> <out>P6</out> </chain> <chain> <in>P6,P7</in> <fid>F10000,F10001,F10002,F10003,F10004</fid> <out>0</out> </chain> </run>