Users Guide
Using the Local RACADM Command Line Interface 235
Enabling IP Blocking
The following example prevents a client IP address from establishing a session
for five minutes if that client has failed five login attempts in a one-minute
period of time.
racadm config -g cfgRacTuning -o
cfgRacTuneIpRangeEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkFailCount 5
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkFailWindow 60
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkPenaltyTime 300
The following example prevents more than three failed attempts within one
minute, and prevents additional login attempts for an hour.
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkEnable 1
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkFailCount 3
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkFailWindow 60
racadm config -g cfgRacTuning -o
cfgRacTuneIpBlkPenaltyTime 360
cfgRacTuneIpBlkFailWindow The time frame in seconds during which the failure
attempts are counted. When the failures exceed
this limit, they are dropped from the counter.
cfgRacTuneIpBlkPenaltyTime Defines the time span in seconds that login
attempts from an IP address with excessive failures
are rejected.
Table 13-5. Log In Retry Restriction (IP Blocking) Properties (continued)
Property Definition