Embodiments of the invention disclose a method and a device for automatic defense distributed denial of service attack of a firewall. The method comprises: performing FLOW analysis on data traffic passing through and reaching a firewall device; according to the result of the FLOW analysis, if the result is detected to conform to attack characteristics of a certain distributed denial of service (DDOS) attack type, and the data traffic conforming the attack characteristics is DDOS attack flow, according to correspondence between DDOS attack types and protection security strategy arranged in advance, automatically generating protection security strategy holding up DDOS attack flow, and configuring the generated protection security strategy on the firewall device; and responding to disappearing of the attack characteristics which conform to a certain DDOS attack type, deleting the protection security strategy from the firewall device, the strategy holds up the DDOS attack flow. The method does not need to configure the protection security strategy in a safety regulation base of the firewall device in advance, and automatic defense of DDOS attack can be realized on a universal firewall device.