可供参考:
Setp 1 --- Define service
==========================
set service "BitComet_Handshake" protocol
tcp src-port 0-65535 dst-port 1025-65535
set service "http8080" protocol tcp src-port 0-65535 dst-port 8080-8080
Sept 2 --- Define Signature for tracker query
==============================================
set attack "CS:BT-TRACK:1" http-url-variable-parsed ".*\[attachmentid\].*" severity info
set attack "CS:BT-TRACK:2" stream256 ".*\[announce\].*" severity info
set attack "CS:BT-TRACK:3" http-url-parsed ".*\[torrent\].*" severity info
--- Define some signature that will match HTTP request to download "*.torrent" file.
--- This will apply to HTTP or customized HTTP service port, such as tcp port 8080.
Sept 3 --- Define Signature for Handshake
==========================================
set attack "CS:Bitcomet:HandShake" stream256 ".*\[BitTorrent protocol\].*" severity info
--- Define attack signature for blocking BitTorrent handshake.
Stpe 4 --- Define tracker query attack group for referenced in policy
==================================================================
set attack group "CS:Bitcomet:Track"
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:2"
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:3"
set attack group "CS:Bitcomet:Track" add "CS:BT-TRACK:1"
Stpe 5 --- Define Handshake attack group for referenced in policy
==================================================================
set attack group "CS:BitComet:HandShake"
set attack group "CS:BitComet:HandShake" add "CS:Bitcomet:HandShake"
Step 6 --- Policy for tracker query for standard HTTP service
==============================================================
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "HTTP" permit log
set policy id 3 attack "CS:Bitcomet:Track" action close
set policy id 3
exit
Step 7 --- Policy for tracker query for customized HTTP service
=================================================================
set policy id 4 from "Trust" to "Untrust" "Any" "Any" "http8080" permit
set policy id 4 attack "CS:Bitcomet:Track" action close
set policy id 4 application "http" ---- ? option
set policy id 4
exit
Step 8 --- Policy peer Handshake
=================================================================
set policy id 5 from "Trust" to "Untrust" "Any" "Any" "BitComet_Handshake" permit
set policy id 5 application "TALK"
set policy id 5 attack "CS:BitComet:HandShake" action close
set policy id 5
exit
CCIE Security 2009 IOS防火墙合集