


 

7.1   Packet-filtering access control lists

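『Requirements』

Log host address: 10.0.0.8

From 08:30 to 18:00, packets must not be sent out of the serial port

The PC must not be able to telnet to the Router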

 

 

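Router

| Current router prompt (view) | Configuration commands, entered in order (important commands are highlighted in red) | Brief description |
|---|---|---|
| | `!` | Applies to version vrp1.741.44 |
| [Router] | `info-center loghost 0 10.0.0.8 7 local7` | Log to the log host 10.0.0.8 |
| [Router] | `firewall enable` | Enable the firewall |
| [Router] | `settr 08:30 18:00` | Set the time range in which special ACL rules are in effect |
| [Router] | `timerange enable` | Allow filtering by time range |
| | `!` | |
| [Router] | `acl 2001 match-order auto` | acl 2001 |
| [Router-acl-1] | `rule normal deny source any logging` | Deny everything |
| | `!` | |
| [Router] | `acl 3000 match-order auto` | acl 3000 |
| [Router-acl-100] | `rule special deny tcp any destination 10.0.1.1 0.0.0.0 destination-port equal telnet logging` | Deny telnet to the Router from any source address, and log the packets that violate the rule |
| | `!` | |
| [Router] | `interface Ethernet0` | Enter Ethernet0 |
| [Router-Ethernet0] | `ip address 10.0.1.1 255.255.255.0` | Configure the IP address |
| [Router-Ethernet0] | `firewall packet-filter 3000 inbound` | Apply acl 3000 in the inbound direction |
| | `!` | |
| [Router] | `interface Serial0` | Enter Serial0 |
| [Router-Serial0] | `link-protocol ppp` | Use PPP encapsulation |
| [Router-Serial0] | `ip address 10.0.0.1 255.255.255.0` | Configure the IP address |
| [Router-Serial0] | `firewall packet-filter 2001 outbound` | Apply acl 2001 in the outbound direction |
| | `!` | |
| | `quit` | |
| [Router] | `ip route-static 0.0.0.0 0.0.0.0 Serial 0 preference 60` | Configure the static route |
| | `!` | |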
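One way to sanity-check a configuration like the one above before it is entered on the router, as an added example that is not part of the original page or of any vendor tool. It checks only what the table's own descriptions state: the firewall is enabled, a log host exists, every bound ACL is defined, deny rules log, and `special` rules have both `settr` and `timerange enable`. The function name `audit` and the finding messages are hypothetical.

```python
import re

# Filtering-related commands from the table above (addressing and routing omitted).
CONFIG = """\
info-center loghost 0 10.0.0.8 7 local7
firewall enable
settr 08:30 18:00
timerange enable
acl 2001 match-order auto
rule normal deny source any logging
acl 3000 match-order auto
rule special deny tcp any destination 10.0.1.1 0.0.0.0 destination-port equal telnet logging
interface Ethernet0
firewall packet-filter 3000 inbound
interface Serial0
firewall packet-filter 2001 outbound
"""

def audit(config):
    """Return a list of findings; an empty list means every check passed."""
    lines = [l.strip() for l in config.splitlines() if l.strip()]
    acls, bound, current = {}, [], None
    for line in lines:
        if m := re.match(r"acl (\d+)\b", line):
            current = acls.setdefault(m.group(1), [])
        elif line.startswith("rule ") and current is not None:
            current.append(line)
        elif m := re.match(r"firewall packet-filter (\d+) (inbound|outbound)$", line):
            bound.append(m.group(1))
    # Per the table, `special` rules rely on both settr and timerange enable.
    timed = "timerange enable" in lines and any(l.startswith("settr ") for l in lines)
    findings = []
    if "firewall enable" not in lines:
        findings.append("'firewall enable' is missing")
    if not any(l.startswith("info-center loghost ") for l in lines):
        findings.append("no log host configured")
    for num in bound:
        if num not in acls:
            findings.append(f"acl {num} is bound but never defined")
    for num, rules in acls.items():
        if num not in bound:
            findings.append(f"acl {num} is defined but not bound to an interface")
        for r in rules:
            if " deny " in r and not r.endswith(" logging"):
                findings.append(f"acl {num}: deny rule without logging")
            if r.startswith("rule special ") and not timed:
                findings.append(f"acl {num}: special rule but time range is not set and enabled")
    return findings
```

Calling `audit(CONFIG)` on the commands as listed returns an empty list; removing a line such as `timerange enable` produces a finding that names the affected ACL.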

 

 
