security debug matcher
security debug matcher(1) BIG-IP TMSH Manual security debug matcher(1)
NAME
debug - Configures Debuggability drop redirect mode.
MODULE
security firewall
SYNTAX
Configure the drop redirect feature or display its stats using the
following syntax.
MODIFY
modify debug
  matcher {
    drop-redirect {
      drop-redirect-mode {
        disable
        redirect-all
        redirect-hw-only
        redirect-sw-only
      }
    }
  }
DISPLAY
show debug
  drop-redirect-stats
DESCRIPTION
The Debuggability drop redirection feature redirects packets dropped in
hardware (HW) to a specified interface. Set this interface with the
sys db variable debug.hwdropredirect.interface. The feature can also
redirect only certain types of drops; select them with the sys db
variable debug.doshwdropredirect.disables.
Full List of HW Redirect Modes
# Disable GlobalDoSVector drop redirects    bit-0
# Disable sPVADoSVector drop redirects      bit-1
# Disable sPVAIPBlacklist drop redirects    bit-2
# Disable sPVAIPRateLimit drop redirects    bit-3
# Disable NeuronBlacklist drop redirects    bit-4
# Disable DuplicateSYN drop redirects       bit-5
Once an interface is set up, redirect-hw-only mode can be enabled as in
the following example.
EXAMPLES
modify security debug matcher drop-redirect drop-redirect-mode redirect-hw-only
Configures dropped packets to be redirected to a specified interface.
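The bit positions listed in the DESCRIPTION can be combined into a single value for debug.doshwdropredirect.disables. The following is an added example, not part of the F5 manual: it composes and decodes such a value, assuming the variable takes the bits as one integer; the function names are hypothetical.

```shell
#!/bin/sh
# Added example: compose/decode a value for debug.doshwdropredirect.disables
# from the bit positions listed in the man page.
# Assumption: the db variable takes the listed bits combined into one integer.

# Map a drop-type name (as spelled in the man page) to its bit position.
bit_for() {
    case "$1" in
        GlobalDoSVector) echo 0 ;;
        sPVADoSVector)   echo 1 ;;
        sPVAIPBlacklist) echo 2 ;;
        sPVAIPRateLimit) echo 3 ;;
        NeuronBlacklist) echo 4 ;;
        DuplicateSYN)    echo 5 ;;
        *) return 1 ;;
    esac
}

# Print the integer mask that disables redirects for the named drop types.
disables_mask() {
    mask=0
    for name in "$@"; do
        bit=$(bit_for "$name") || { echo "unknown drop type: $name" >&2; return 1; }
        mask=$(( mask | (1 << $bit) ))
    done
    echo "$mask"
}

# Print the drop types whose redirects a given mask disables.
decode_mask() {
    case "$1" in ''|*[!0-9]*) echo "mask must be a non-negative integer" >&2; return 1 ;; esac
    [ "$1" -le 63 ] || { echo "mask uses bits beyond bit-5" >&2; return 1; }
    out=""
    for name in GlobalDoSVector sPVADoSVector sPVAIPBlacklist \
                sPVAIPRateLimit NeuronBlacklist DuplicateSYN; do
        bit=$(bit_for "$name")
        if [ $(( ($1 >> $bit) & 1 )) -eq 1 ]; then out="${out:+$out }$name"; fi
    done
    echo "$out"
}

# Constructed usage: keep only the two DoS-vector drop types on the redirect
# interface by disabling redirects for the other four.
m=$(disables_mask sPVAIPBlacklist sPVAIPRateLimit NeuronBlacklist DuplicateSYN)
echo "mask=$m disables: $(decode_mask "$m")"
```

Decoding the value currently stored in the variable before changing it shows which drop types are already excluded from the redirect interface.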
BIG-IP 2018-01-10 security debug matcher(1)