H3C 网吧典型配置

喜哈一组

三星会员

Rank: 4

社区积分: 127
技术积分: 1220

论坛徽章 1

大中小 1楼

2007-7-24 10:57 只看该作者

H3C 网吧典型配置

网吧路由典型配置_H3C
#
acl number 3001
rule 10 deny tcp destination-port eq 445
rule 11 deny udp destination-port eq 445
rule 20 deny tcp destination-port eq 135
rule 21 deny udp destination-port eq 135
rule 30 deny tcp destination-port eq 137
rule 31 deny udp destination-port eq netbios-ns
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 50 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 61 deny udp destination-port eq tftp
rule 70 deny tcp destination-port eq 593
rule 80 deny tcp destination-port eq 4444
rule 90 deny tcp destination-port eq 707
rule 100 deny tcp destination-port eq 1433
rule 101 deny udp destination-port eq 1433
rule 110 deny tcp destination-port eq 1434
rule 111 deny udp destination-port eq 1434
rule 120 deny tcp destination-port eq 5554
rule 130 deny tcp destination-port eq 9996
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 202 deny tcp destination-port eq ftp
rule 204 deny tcp destination-port eq 3389
rule 205 permit tcp destination-port eq telnet
rule 2000 permit ip destination 59.65.1.1 0
rule 2001 permit ip destination 192.168.1.0 0.0.0.255
rule 2002 deny ip
acl number 3002
rule 10 deny tcp destination-port eq 445
rule 11 deny udp destination-port eq 445
rule 20 deny tcp destination-port eq 135
rule 21 deny udp destination-port eq 135
rule 30 deny tcp destination-port eq 137
rule 31 deny udp destination-port eq netbios-ns
rule 40 deny tcp destination-port eq 138
rule 41 deny udp destination-port eq netbios-dgm
rule 50 deny tcp destination-port eq 139
rule 51 deny udp destination-port eq netbios-ssn
rule 61 deny udp destination-port eq tftp
rule 70 deny tcp destination-port eq 593
rule 80 deny tcp destination-port eq 4444
rule 90 deny tcp destination-port eq 707
rule 100 deny tcp destination-port eq 1433
rule 101 deny udp destination-port eq 1433
rule 110 deny tcp destination-port eq 1434
rule 111 deny udp destination-port eq 1434
rule 120 deny tcp destination-port eq 5554
rule 130 deny tcp destination-port eq 9996
rule 141 deny udp source-port eq bootps
rule 160 permit icmp icmp-type echo
rule 161 permit icmp icmp-type echo-reply
rule 162 permit icmp icmp-type ttl-exceeded
rule 165 deny icmp
rule 2030 permit ip source 192.168.1.0 0.0.0.255

# 配置缺省路由和黑洞路由

route-static 0.0.0.0 0.0.0.0 142.1.1.1 preference 60
ip route-static 10.0.0.0 255.0.0.0 NULL 0 preference 60
ip route-static 169.254.0.0 255.255.0.0 NULL 0 preference 60
ip route-static 172.16.0.0 255.240.0.0 NULL 0 preference 60
ip route-static 192.168.0.0 255.255.0.0 NULL 0 preference 60
ip route-static 198.18.0.0 255.254.0.0 NULL 0 preference 60

[ 本帖最后由喜哈一组于 2007-8-5 19:17 编辑 ]

TOP

‹‹ 上一主题 | 下一主题 ››

当前时区 GMT+8, 现在时间是 2008-8-22 12:52 京ICP证060528 号