Category: Networking and Security

2009-07-13 21:10:22

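(config)#access-list compiled     ---- compile the access lists: lookup time per access list becomes fixed, so ACL matching is fast
#show access-list compiled       ---- show the compiled access lists
(config)#access-list 80 permit host 192.168.1.1   ---- create access list 80
(config)#snmp-server community snmp-host1 ro 80   ---- only hosts permitted by access list 80 may access the SNMP service
(config)#access-list 12 deny 16.2.2.0 0.0.0.255
(config)#access-list 12 permit any
(config)#router ospf 1
(config-router)#distribute-list 12 out            ---- apply access list 12 so that the 16.2.2.0 route is not advertised to other routers
(config)#access-list 10 permit tcp any 16.2.1.0 0.0.0.255 established   ---- block inbound TCP SYN (an incoming packet must carry ACK, or RST, to be admitted); matching tcp needs an extended ACL number (100-199), not 10
(config)#ip tcp intercept list 110   ---- have TCP intercept monitor connections matching access list 110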
Blocking smurf attacks
(config)#access-list 111 deny ip any host 16.2.1.255 log
(config)#access-list 111 deny ip any host 16.2.1.0 log
(config)#interface e0/0
(config-if)#ip access-group 111 in
Filtering ICMP messages: inbound
(config)#access-list 112 deny icmp any any echo log
(config)#access-list 112 deny icmp any any redirect log
(config)#access-list 112 deny icmp any any mask-request log
(config)#access-list 112 permit icmp any 16.2.1.0 0.0.0.255
(config)#interface e0/0   ---- outside (external network) interface
(config-if)#ip access-group 112 in
Filtering ICMP messages: outbound
(config)#access-list 114 permit icmp 16.2.1.0 0.0.0.255 any echo
(config)#access-list 114 permit icmp 16.2.1.0 0.0.0.255 any parameter-problem
(config)#access-list 114 permit icmp 16.2.1.0 0.0.0.255 any packet-too-big
(config)#access-list 114 permit icmp 16.2.1.0 0.0.0.255 any source-quench
(config)#access-list 114 deny icmp any any log
(config)#interface e0/1   ---- inside (internal network) interface
(config-if)#ip access-group 114 in
Filtering traceroute messages
(config)#access-list 120 deny udp any any range 33400 34400 log
(config)#interface e0/0   ---- outside interface
(config-if)#ip access-group 120 in
(config)#access-list 121 permit udp 16.2.1.0 0.0.0.255 any range 33400 34400 log
(config)#interface e0/1   ---- inside interface
(config-if)#ip access-group 121 in
DDoS attack mitigation: Trin00
(config)#access-list 190 deny tcp any any eq 27665 log
(config)#access-list 190 deny udp any any eq 31335 log
(config)#access-list 190 deny udp any any eq 27444 log
DDoS attack mitigation: Stacheldraht
(config)#access-list 190 deny tcp any any eq 16660 log
(config)#access-list 190 deny tcp any any eq 65000 log
DDoS attack mitigation: SubSeven
(config)#access-list 190 deny tcp any any range 6711 6712 log
(config)#access-list 190 deny tcp any any eq 6776 log
(config)#access-list 190 deny tcp any any eq 6669 log
(config)#access-list 190 deny tcp any any eq 2222 log
(config)#access-list 190 deny tcp any any eq 7000 log
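
To check what the inbound and outbound ICMP lists (112 and 114) above actually admit, the following added example, which is not part of the original post, evaluates packets against them using wildcard-mask matching, first-match ordering and the implicit deny at the end of every list. The function names and the ICMP-only parsing subset are assumptions made for illustration; it is not a full IOS ACL parser.

```python
import ipaddress

# ACL 112 and ACL 114 from this page (ICMP message name "redirect" spelled out).
ACL_TEXT = """
access-list 112 deny icmp any any echo log
access-list 112 deny icmp any any redirect log
access-list 112 deny icmp any any mask-request log
access-list 112 permit icmp any 16.2.1.0 0.0.0.255
access-list 114 permit icmp 16.2.1.0 0.0.0.255 any echo
access-list 114 permit icmp 16.2.1.0 0.0.0.255 any parameter-problem
access-list 114 permit icmp 16.2.1.0 0.0.0.255 any packet-too-big
access-list 114 permit icmp 16.2.1.0 0.0.0.255 any source-quench
access-list 114 deny icmp any any log
"""

def _addr(tokens):
    """Consume 'any', 'host A' or 'A WILDCARD'; return (base, wildcard) as ints."""
    first = tokens.pop(0)
    if first == "any":
        return 0, 0xFFFFFFFF
    if first == "host":
        return int(ipaddress.IPv4Address(tokens.pop(0))), 0
    return int(ipaddress.IPv4Address(first)), int(ipaddress.IPv4Address(tokens.pop(0)))

def parse(text):
    """Parse the ICMP-only subset of extended ACL syntax used above (hypothetical helper)."""
    acls = {}
    for line in text.strip().splitlines():
        t = line.split()[1:]                          # drop 'access-list'
        num, action, proto = t.pop(0), t.pop(0), t.pop(0)
        src, dst = _addr(t), _addr(t)
        msg = t[0] if t and t[0] != "log" else None   # optional ICMP message name
        acls.setdefault(num, []).append((action, proto, src, dst, msg))
    return acls

def _match(addr, spec):
    base, wild = spec
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base.
    care = ~wild & 0xFFFFFFFF
    return (int(ipaddress.IPv4Address(addr)) & care) == (base & care)

def evaluate(acl, proto, src, dst, msg):
    """First matching entry wins; no match falls through to the implicit deny."""
    for action, p, s, d, m in acl:
        if p == proto and _match(src, s) and _match(dst, d) and m in (None, msg):
            return action
    return "deny (implicit)"

ACLS = parse(ACL_TEXT)
```

For example, `evaluate(ACLS["114"], "tcp", "16.2.1.5", "203.0.113.7", None)` returns `deny (implicit)`: list 114 as written contains only ICMP entries, so applied inbound on the inside interface it needs additional permit entries for the other traffic that should pass.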

 