Updated on 2024-01-24 GMT+08:00

Manually Creating an IP Address Blacklist or Whitelist

Context

  • An IP address blacklist is used to block threats and attacks. After local devices receive IP address blacklists from Huawei Qiankun, they discard the packets with IP addresses matching the IP address blacklists.

    For different threat events, IP address blacklists can be delivered in the following modes:

    • External attack sources: IP address blacklists can be delivered automatically by Huawei Qiankun, by security operations experts, or by tenants who click Block Attack Source.
    • Compromised hosts: After you click Isolate Host, an IP address blacklist is delivered.

    In addition, you can manually deliver IP address blacklists to specified devices based on the actual network environment or service requirements, improving the flexibility of security protection.

  • IP address whitelists can be delivered by Huawei Qiankun to devices to permit packets with IP addresses matching the whitelists.

High-level tenant accounts have the permission to create and modify their own and lower-level tenant accounts' IP blacklists and whitelists.

If the number of manually delivered blacklists and whitelists exceeds the upper limit of the devices, the system displays a message indicating that the delivery failed.

When Huawei Qiankun automatically delivers blacklists and the number of device blacklists exceeds the upper limit, Huawei Qiankun deletes the earliest-delivered blacklists to ensure successful delivery. If the remaining blacklists were manually delivered by users, Huawei Qiankun fails to deliver the blacklists automatically.
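
The capacity behaviour described above can be modelled in a few lines to show how manual entries reduce the room left for automatic blocking. This is an added example, not Huawei Qiankun code: the class, the method names, the limit values and the sample addresses are constructed, and it assumes that automatic delivery only deletes automatically delivered entries.

```python
from collections import OrderedDict

class DeviceBlacklist:
    """Model of one device's blacklist table; `limit` is a constructed value."""

    def __init__(self, limit):
        self.limit = limit
        self.entries = OrderedDict()  # ip -> "manual" or "auto", oldest first

    def deliver_manual(self, ip):
        """Manual delivery never evicts; over the limit it fails."""
        if ip in self.entries:
            return True
        if len(self.entries) >= self.limit:
            return False
        self.entries[ip] = "manual"
        return True

    def deliver_auto(self, ip):
        """Automatic delivery evicts the earliest automatic entry when full."""
        if ip in self.entries:
            return True
        if len(self.entries) >= self.limit:
            oldest = next((k for k, v in self.entries.items() if v == "auto"), None)
            if oldest is None:
                return False  # only manual entries remain: automatic block fails
            del self.entries[oldest]
        self.entries[ip] = "auto"
        return True

    def auto_headroom(self):
        """Slots automatic blocking can ever use: limit minus manual entries."""
        manual = sum(1 for v in self.entries.values() if v == "manual")
        return self.limit - manual

def demo():
    # Constructed sample addresses from the documentation ranges.
    dev = DeviceBlacklist(limit=3)
    results = [
        dev.deliver_auto("203.0.113.10"),    # True
        dev.deliver_manual("198.51.100.7"),  # True
        dev.deliver_manual("198.51.100.8"),  # True, table now full
        dev.deliver_manual("198.51.100.9"),  # False: manual delivery over the limit
        dev.deliver_auto("203.0.113.11"),    # True: evicts 203.0.113.10
    ]
    full = DeviceBlacklist(limit=1)
    full.deliver_manual("198.51.100.20")
    starved = not full.deliver_auto("203.0.113.12")  # manual entry cannot be evicted
    return results, list(dev.entries), dev.auto_headroom(), starved
```

In this model, a device whose table is filled with manual entries has no headroom left, so automatically delivered blocks for new attack sources fail until manual entries are removed or expire.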

Procedure

  1. Log in to the Huawei Qiankun console, and choose > My Services > Border Protection and Response.
  2. Click Blacklist and Whitelist in the menu bar.
  3. Create an IP address blacklist. The procedure for creating an IP address whitelist is similar.

    Choose Device IP Blacklist > IP Address Blacklist and click Create.

    Figure 1 Creating an IP blacklist

    Parameters and their descriptions:

    • Select Device: Devices to which an IP address blacklist is to be delivered.
    • Source/Destination: Source or destination IP address. The source and destination IP addresses can be delivered at the same time.
    • IP Address: IP address of packets to be blacklisted or permitted. The IP address blacklists containing class D reserved addresses (224.0.0.0–239.255.255.255) cannot be delivered.
    • Protocol: IP protocol, which can be set to ANY, TCP, UDP, or ICMP.
    • Port: The value ANY indicates all ports.
    • Block Duration: Validity period of an IP address blacklist.

  4. Click Confirm to deliver the IP address blacklist to specified devices.