How to Configure a Common Anti-Virus Access Control List on MSR Routers
A commonly used access control list is as follows:
acl number 3333
rule 0 deny udp destination-port eq tftp
rule 1 deny tcp destination-port eq 135
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ns
rule 4 deny udp destination-port eq netbios-dgm
rule 5 deny tcp destination-port eq 139
rule 6 deny udp destination-port eq netbios-ssn
rule 7 deny tcp destination-port eq 445
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 539
rule 10 deny udp destination-port eq 539
rule 11 deny udp destination-port eq 593
rule 12 deny tcp destination-port eq 593
rule 13 deny udp destination-port eq 1434
rule 14 deny udp destination-port eq 1433
rule 15 deny tcp destination-port eq 4444
rule 16 deny tcp destination-port eq 9996
rule 17 deny tcp destination-port eq 5554
rule 18 deny udp destination-port eq 9996
rule 19 deny udp destination-port eq 5554
rule 20 deny tcp destination-port eq 137
rule 21 deny tcp destination-port eq 138
rule 22 deny tcp destination-port eq 1025
rule 23 deny udp destination-port eq 1025
rule 24 deny tcp destination-port eq 9995
rule 25 deny udp destination-port eq 9995
rule 26 deny tcp destination-port eq 1068
rule 27 deny udp destination-port eq 1068
rule 28 deny tcp destination-port eq 1023
rule 29 deny udp destination-port eq 1023
rule 30 permit icmp icmp-type echo
rule 31 permit icmp icmp-type echo-reply
rule 32 permit icmp icmp-type ttl-exceeded
rule 33 deny icmp
Enter the relevant internal and external network interfaces and apply the ACL in the inbound direction.
For example:
interface ethernet 1/0
firewall packet-filter 3333 inbound
Note that if certain applications need to be allowed, such as L2TP, DNS, DHCP, WWW, or TFTP, the corresponding ports must be opened.
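To check which of the applications named in the note collide with a deny rule before the ACL is applied, the following added example (not part of the original article or any H3C tool) parses the tcp/udp "destination-port eq" rules and reports the first matching rule for each service. The service-to-port table and the function names are assumptions made for this sketch; the sample input is an excerpt of ACL 3333 above.

```python
import re

# Comware port keywords used in ACL 3333, mapped to their port numbers.
KEYWORDS = {"tftp": 69, "netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}
# Assumed default ports for the applications the note names.
SERVICES = {"L2TP": ("udp", 1701), "DNS": ("udp", 53), "DHCP": ("udp", 67),
            "WWW": ("tcp", 80), "TFTP": ("udp", 69)}
RULE_RE = re.compile(
    r"rule\s+(\d+)\s+(permit|deny)\s+(tcp|udp)\s+destination-port\s+eq\s+(\S+)")

def parse_acl(text):
    """Return [(rule_id, action, proto, port)] for tcp/udp destination-port rules."""
    rules = []
    for rid, action, proto, port in RULE_RE.findall(text):
        port = str(KEYWORDS.get(port, port))
        if port.isdigit():  # skip port keywords this sketch does not know
            rules.append((int(rid), action, proto, int(port)))
    return sorted(rules)  # default "config" match order: ascending rule ID

def first_match(rules, proto, port):
    """The filter is first-match: return the lowest-numbered matching rule."""
    for rule in rules:
        if rule[2:] == (proto, port):
            return rule
    return None

def blocked_services(text, services=SERVICES):
    """Map service name -> rule ID for every service whose port hits a deny rule."""
    rules = parse_acl(text)
    hits = {}
    for name, (proto, port) in services.items():
        rule = first_match(rules, proto, port)
        if rule and rule[1] == "deny":
            hits[name] = rule[0]
    return hits

# Excerpt of ACL 3333 from this page (rules 0, 7, 13 and 22).
SAMPLE = """
rule 0 deny udp destination-port eq tftp
rule 7 deny tcp destination-port eq 445
rule 13 deny udp destination-port eq 1434
rule 22 deny tcp destination-port eq 1025
"""

if __name__ == "__main__":
    print(blocked_services(SAMPLE))
```

Because these rules match on destination port only, first_match can also be used to test a client-side port: on a stateless inbound filter, a reply addressed to a client that picked source port 1025 would match rule 22.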