请选择 进入手机版 | 继续访问电脑版

晴川综合网-西昌地区开办最早的个人网站之一

搜索
查看: 19262|回复: 0

华为交换机各种配置实例[网管必学]

[复制链接]
发表于 2020-7-6 21:34:48 | 显示全部楼层 |阅读模式
3 ,常见病毒的 ACL
创建 acl
acl number 100
禁 ping
rule deny icmp source any destination any
用于控制 Blaster 蠕虫的传播
rule deny udp source any destination any destination-port eq 69
rule deny tcp source any destination any destination-port eq 4444
用于控制冲击波病毒的扫描和攻击
rule deny tcp source any destination any destination-port eq 135
rule deny udp source any destination any destination-port eq 135
rule deny udp source any destination any destination-port eq netbios-ns
rule deny udp source any destination any destination-port eq netbios-dgm
rule deny tcp source any destination any destination-port eq 139
rule deny udp source any destination any destination-port eq 139
rule deny tcp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq 593
rule deny tcp source any destination any destination-port eq 593
用于控制振荡波的扫描和攻击
rule deny tcp source any destination any destination-port eq 445
rule deny tcp source any destination any destination-port eq 5554
rule deny tcp source any destination any destination-port eq 9995
rule deny tcp source any destination any destination-port eq 9996
用于控制  Worm_MSBlast.A  蠕虫的传播
rule deny udp source any destination any destination-port eq 1434
下面的不出名的病毒端口号   (可以不作)
rule deny tcp source any destination any destination-port eq 1068
rule deny tcp source any destination any destination-port eq 5800
rule deny tcp source any destination any destination-port eq 5900
rule deny tcp source any destination any destination-port eq 10080
rule deny tcp source any destination any destination-port eq 455
rule deny udp source any destination any destination-port eq 455
rule deny tcp source any destination any destination-port eq 3208
rule deny tcp source any destination any destination-port eq 1871
rule deny tcp source any destination any destination-port eq 4510
rule deny udp source any destination any destination-port eq 4334
rule deny tcp source any destination any destination-port eq 4331
rule deny tcp source any destination any destination-port eq 4557
然后下发配置
packet-filter ip-group 100

附件word文档,43页内容比较多,点此下载 20200706.docx (45.09 KB, 下载次数: 2)

回复

使用道具 举报

您需要登录后才可以回帖 登录 | 立即注册

本版积分规则

QQ|小黑屋|手机版|Archiver|晴川综合网(晴川论坛) 蜀ICP备12004085号-1

GMT+8, 2024-3-29 08:22 , Processed in 0.109201 second(s), 18 queries .

Powered by Discuz! X3.4

© 2001-2013 Comsenz Inc.

快速回复 返回顶部 返回列表