#
# Running configuration of the device named "100F", as posted. It is a
# packet-filter firewall with one inside interface (Ethernet0/0, trust zone,
# 192.168.0.0/24) and one addressed outside interface (Ethernet1/2, untrust
# zone, NAT outbound). Line breaks and sub-command indentation were restored
# from the escaped paste; the commands themselves are as posted.
#
sysname 100F
#
# NOTE(review): the same cipher string is used for the level-3 super password,
# the local user "admin", the console line and the vty lines, so one secret
# guards every management path. Cipher-form strings should be treated as
# recoverable rather than as one-way hashes: redact them (and public
# addresses) before sharing a configuration, and rotate any value that has
# been published.
#
super password level 3 cipher $&X(L_RH,.W].9_[>3,%'Q!!
#
# NOTE(review): the packet filter's default action is permit, so anything an
# applied ACL does not explicitly deny is forwarded. The design is a
# blocklist; a default of deny with explicit permits is the tighter posture.
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo insulate
#
firewall url-filter host enable
firewall url-filter host default deny
firewall webdata-filter enable
#
firewall statistic system enable
#
radius scheme system
#
domain system
#
# NOTE(review): the only service type granted to the level-3 account is
# telnet, which carries credentials and the session in cleartext. Prefer an
# encrypted management protocol where the platform offers one.
#
local-user admin
 password cipher $&X(L_RH,.W].9_[>3,%'Q!!
 service-type telnet
 level 3
#
# ACL 2000 permits sources in 192.168.0.0/16 and denies everything else.
# NOTE(review): nothing in this listing references it. It looks like a
# management-source restriction that was never bound - confirm the intent.
#
acl number 2000
 rule 0 permit source 192.168.0.0 0.0.255.255
 rule 1 deny
#
# ACL 3000 permits six inside /24 networks to reach host 192.168.0.53.
# NOTE(review): it has no deny rule and is not referenced anywhere in this
# listing, so as shown it has no effect on traffic.
#
acl number 3000
 rule 0 permit ip source 192.168.0.0 0.0.0.255 destination 192.168.0.53 0
 rule 1 permit ip source 192.168.2.0 0.0.0.255 destination 192.168.0.53 0
 rule 2 permit ip source 192.168.3.0 0.0.0.255 destination 192.168.0.53 0
 rule 3 permit ip source 192.168.4.0 0.0.0.255 destination 192.168.0.53 0
 rule 4 permit ip source 192.168.5.0 0.0.0.255 destination 192.168.0.53 0
 rule 5 permit ip source 192.168.6.0 0.0.0.255 destination 192.168.0.53 0
#
# ACL 3001 is the only ACL applied to an interface (Ethernet1/2, inbound).
# It denies a list of TCP/UDP ports (NetBIOS, SMB, RPC-related, VNC
# 5800/5900, UDP 1434 and others) by destination and by source port, then
# permits all remaining IP traffic in rule 43.
# NOTE(review): the two halves are not symmetric. Source ports 135, 4444 and
# 8998 are denied but the same destination ports are not; destination 445 and
# UDP netbios-dgm are denied but the same source ports are not. Rule numbers
# 6, 7, 15, 18, 32, 40 and 41 are absent, which suggests rules were removed -
# confirm whether that was intended.
# NOTE(review): filtering on source port gives little protection because the
# sender chooses it. Together with the closing permit, this ACL admits every
# inbound service that is not on the list.
#
acl number 3001
 rule 1 deny tcp destination-port eq 3217
 rule 2 deny tcp destination-port eq 1025
 rule 3 deny tcp destination-port eq 5554
 rule 4 deny tcp destination-port eq 9996
 rule 5 deny tcp destination-port eq 1068
 rule 8 deny tcp destination-port eq 137
 rule 9 deny udp destination-port eq netbios-ns
 rule 10 deny tcp destination-port eq 138
 rule 11 deny udp destination-port eq netbios-dgm
 rule 12 deny tcp destination-port eq 139
 rule 13 deny udp destination-port eq netbios-ssn
 rule 14 deny tcp destination-port eq 593
 rule 16 deny tcp destination-port eq 5800
 rule 17 deny tcp destination-port eq 5900
 rule 19 deny tcp destination-port eq 445
 rule 20 deny udp destination-port eq 445
 rule 21 deny udp destination-port eq 1434
 rule 22 deny tcp source-port eq 3217
 rule 23 deny tcp source-port eq 1025
 rule 24 deny tcp source-port eq 5554
 rule 25 deny tcp source-port eq 9996
 rule 26 deny tcp source-port eq 1068
 rule 27 deny tcp source-port eq 135
 rule 28 deny udp source-port eq 135
 rule 29 deny tcp source-port eq 137
 rule 30 deny udp source-port eq netbios-ns
 rule 31 deny tcp source-port eq 138
 rule 33 deny tcp source-port eq 139
 rule 34 deny udp source-port eq netbios-ssn
 rule 35 deny tcp source-port eq 593
 rule 36 deny tcp source-port eq 4444
 rule 37 deny tcp source-port eq 5800
 rule 38 deny tcp source-port eq 5900
 rule 39 deny tcp source-port eq 8998
 rule 42 deny udp source-port eq 1434
 rule 43 permit ip
#
interface Aux0
 undo detect dsr-dtr
 async mode flow
#
# Inside interface: primary address 192.168.0.200 plus secondary 192.168.0.1.
#
interface Ethernet0/0
 description to-FGLAN
 ip address 192.168.0.200 255.255.255.0
 ip address 192.168.0.1 255.255.255.0 sub
#
interface Ethernet1/0
#
# NOTE(review): Ethernet1/1 is a member of the untrust zone (see the zone
# section) but has no address and no packet-filter applied. If it is brought
# into service, ACL 3001 will not cover it.
#
interface Ethernet1/1
#
# Outside interface: public address, ACL 3001 applied inbound, NAT outbound.
#
interface Ethernet1/2
 description dianxing
 ip address 61.178.23.45 255.255.255.248
 firewall packet-filter 3001 inbound
 nat outbound
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 add interface Ethernet0/0
 set priority 85
#
firewall zone untrust
 add interface Ethernet1/1
 add interface Ethernet1/2
 set priority 5
#
firewall zone DMZ
 set priority 50
#
# All interzone sections below are empty: no per-zone-pair policy is defined,
# so filtering rests on the packet-filter default and ACL 3001 alone.
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
ip route-static 0.0.0.0 0.0.0.0 61.178.23.44 preference 80
#
# NOTE(review): the console and vty lines rely on the one shared password
# noted at the top. No source-address ACL is bound to the vty lines in this
# listing, and ACL 3001 has no rule for the management port. Restrict
# management access to the trusted side and give each path its own credential.
#
user-interface con 0
 authentication-mode password
 set authentication password cipher $&X(L_RH,.W].9_[>3,%'Q!!
user-interface aux 0
user-interface vty 0 4
 set authentication password cipher $&X(L_RH,.W].9_[>3,%'Q!!
#
return