How do you shun with an IDS while in command line? I know how to shun from the GUI but I haven't been able to find the command string to shun from CLI.
I will have the 4200 (6.0) send shuns to a PIX 7.0.
The link provided works for IPS 6.0 and earlier. But is not really recommended.
In IPS 6.1 a new "block" command was added into the CLI to support blocking:
The difference is that in 6.0 the cli method actually added the Blocked Host into the "configuration" of the sensor. It is managed differently than entries added dynamically by sensorApp during signature triggerings or added through IDM (or IME). The biggest difference is that all "configuration" blocks are considered permamnent (not time based). If you remove a "configuration" block it does not actually get removed. You have to remove the "configuration" block AND then go through IDM and remove it again. Because when a "configuration" block gets removed, the block still exists but is now managed the way IDM blocks are managed. So it must be removed twice.
The intention is to remove the "configuration" blocks in future versions, and instead a new "block" CLI command is added in IPS 6.1. The new "block" command is managed the same way as the IDM blocking.
So if you want to manage blocking through the CLI you should really upgrade to IPS 6.1. If using IPS 6.0 or earlier you are better off only using IDM.
For IPS 6.1 "block" command examples:
Have a look at this: