zoukankan      html  css  js  c++  java
  • h3c acl配置一列

    1. acl number 3004 
    2. rule 0 permit ip source 10.2.1.4 0 
    3. rule 1 deny ip source 192.168.1.91 0 
    4. rule 2 deny ip source 192.168.9.6 0 
    5. rule 3 deny ip source 192.168.1.94 0 
    6. rule 4 deny ip source 10.1.3.240 0 
    7. rule 5 permit ip source 10.2.1.40 0 
    8. rule 7 deny ip source 10.2.12.8 0 
    9. rule 8 deny ip source 192.168.2.69 0 
    10. rule 9 deny ip source 10.1.1.20 0 
    11. rule 15 deny ip source 10.2.1.0 0.0.0.255 
    12. rule 20 deny ip source 10.2.17.0 0.0.0.255 
    13. rule 25 deny ip source 10.2.18.0 0.0.0.255 
    14. rule 30 deny ip source 10.2.19.0 0.0.0.255 
    15. rule 35 deny ip source 10.2.16.0 0.0.0.255 
    16. rule 36 deny ip source 192.168.9.2 0 
    17. rule 100 deny ip source 192.168.19.6 0 
    18. rule 200 deny ip source 192.168.9.99 0 
    19. rule 250 deny ip source 192.168.19.5 0 
    20. rule 260 deny ip source 192.168.9.1 0 
    21. acl number 3005 
    22. rule 50 deny ip source 10.1.0.0 0.0.255.255 destination 192.168.9.0 0.0.0.255 
    23. rule 60 deny ip source 10.1.0.0 0.0.255.255 destination 192.168.1.91 0 
    24. rule 70 deny ip source 10.1.0.0 0.0.255.255 destination 192.168.1.90 0 
    25. rule 80 deny ip source 10.1.0.0 0.0.255.255 destination 192.168.1.92 0 
    26. rule 90 deny ip source 10.1.0.0 0.0.255.255 destination 192.168.1.95 0 
    27. rule 100 deny ip source 10.1.0.0 0.0.255.255 destination 192.168.1.7 0 
    28. rule 110 deny ip source 10.1.0.0 0.0.255.255 destination 192.168.19.6 0 
    29. rule 120 deny ip source 10.1.0.0 0.0.255.255 destination 192.168.19.5 0 
    1. interface Vlan-interface999 
    2. ip address 10.20.20.254 255.255.255.0 
    3. packet-filter 3005 inbound 
    4. interface Vlan-interface1000 
    5. ip address 10.10.10.254 255.255.255.0 
    6. packet-filter 3004 outbound 

    关于怎么区分inbound 与 outbound ,:都看成网关, 出网关的是outbound,source ip 是内部ip

    inbound是进网关,source ip是来源ip

    注意2层协议时inbound,outbound刚好相反

    -------------------

    老的S5600 只支持网口做 inboud包过滤,下面是只允许指定电脑进行远程桌面

  • 相关阅读:
    Navicat for MySQL下载、安装与破解
    javaweb之Cookie学习
    static特别用法【静态导包】——Java包的静态导入
    面试感悟----一名3年工作经验的程序员应该具备的技能
    致孩子
    java中的代码块是什么意思,怎么用
    ModelAttribute用法之一
    SpringMVC获取页面数据乱码的解决get/post
    总结过去10年的程序员生涯 (经验)---大神的建议
    hdu 5237 二进制
  • 原文地址:https://www.cnblogs.com/wdfrog/p/10461032.html
Copyright © 2011-2022 走看看