zoukankan      html  css  js  c++  java
  • (转)防火墙上的object-group命令实际应用。 (2010-11-11 10:03:53)

    RLooo的博客:http://blog.sina.com.cn/s/blog_59879e3a0100o5w1.html

    使用object-group 能大大简化配置工作量,很实用。

    防火墙上的配置:

    object-group service gjlyd tcp
      description used for hai nai guo ji lv you dao server
      port-object eq 445
      port-object eq ftp
      port-object eq 3389
      port-object eq www
      port-object eq 8080
      port-object eq 1433
    object-group network gjlydser
      network-object host 10.9.2.66
      network-object host 10.9.2.67
      network-object host 10.9.2.68

    access-list inside permit tcp host 10.2.57.67 object-group gjlydser object-group gjlyd
    access-list inside permit tcp host 10.2.57.151 object-group gjlydser object-group gjlyd

    输出:(看着很爽)

    access-list inside line 494 permit tcp host 10.2.57.67 object-group gjlydser object-group gjlyd
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.66 eq 445 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.66 eq ftp (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.66 eq 3389 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.66 eq www (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.66 eq 8080 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.66 eq 1433 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.67 eq 445 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.67 eq ftp (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.67 eq 3389 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.67 eq www (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.67 eq 8080 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.67 eq 1433 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.68 eq 445 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.68 eq ftp (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.68 eq 3389 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.68 eq www (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.68 eq 8080 (hitcnt=0)
    access-list inside line 494 permit tcp host 10.2.57.67 host 10.9.2.68 eq 1433 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 object-group gjlydser object-group gjlyd
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.66 eq 445 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.66 eq ftp (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.66 eq 3389 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.66 eq www (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.66 eq 8080 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.66 eq 1433 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.67 eq 445 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.67 eq ftp (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.67 eq 3389 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.67 eq www (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.67 eq 8080 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.67 eq 1433 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.68 eq 445 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.68 eq ftp (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.68 eq 3389 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.68 eq www (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.68 eq 8080 (hitcnt=0)
    access-list inside line 495 permit tcp host 10.2.57.151 host 10.9.2.68 eq 1433 (hitcnt=0)

  • 相关阅读:
    TensorboardX的使用【有手就⭐系列】
    Python学习记录
    es 之 自定义 mapping(五)
    es 索引和文档 API (四)
    布尔查询(三)
    term 和 match 查询(二)
    使用 Python 批量将数据插入到 ES中
    【flask + vue 前后端分离博客】设计 User 用户(三)
    【flask + vue 前后端分离博客】使用 axios 访问接口(二)
    【flask + vue 前后端分离博客】创建第一个 Flask RESTFul(一)
  • 原文地址:https://www.cnblogs.com/paddingtoneyes/p/11610557.html
Copyright © 2011-2022 走看看