Chinaunix首页 | 论坛 | 博客
  • 博客访问: 1733914
  • 博文数量: 163
  • 博客积分: 10591
  • 博客等级: 上将
  • 技术积分: 1980
  • 用 户 组: 普通用户
  • 注册时间: 2006-08-08 18:17
文章分类

全部博文(163)

文章存档

2018年(1)

2012年(1)

2011年(47)

2010年(58)

2009年(21)

2008年(35)

分类: 系统运维

2008-04-11 14:36:42

环境
      Cisco 3825 Router
      Cisco IOS Software, 3800 Software (C3825-ADVIPSERVICESK9-M),
      Version 12.4(11)XW5, RELEASE SOFTWARE (fc1)

配置
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
!
appfw policy-name SDM_HIGH
  application im aol
    service default action reset alarm
    service text-chat action reset alarm
    server deny name login.oscar.aol.com
    server deny name toc.oscar.aol.com
    server deny name oam-d09a.blue.aol.com
    audit-trail on
  application im msn
    service default action reset alarm
    service text-chat action reset alarm
    server deny name messenger.hotmail.com
    server deny name gateway.messenger.hotmail.com
    server deny name webmessenger.msn.com
    audit-trail on
  application http
    strict-http action reset alarm
    port-misuse im action reset alarm
    port-misuse p2p action reset alarm
    port-misuse tunneling action reset alarm
  application im yahoo
    service default action reset alarm
    service text-chat action reset alarm
    server deny name scs.msg.yahoo.com
    server deny name scsa.msg.yahoo.com
    server deny name scsb.msg.yahoo.com
    server deny name scsc.msg.yahoo.com
    server deny name scsd.msg.yahoo.com
    server deny name cs16.msg.dcn.yahoo.com
    server deny name cs19.msg.dcn.yahoo.com
    server deny name cs42.msg.dcn.yahoo.com
    server deny name cs53.msg.dcn.yahoo.com
    server deny name cs54.msg.dcn.yahoo.com
    server deny name ads1.vip.scd.yahoo.com
    server deny name radio1.launch.vip.dal.yahoo.com
    server deny name in1.msg.vip.re2.yahoo.com
    server deny name data1.my.vip.sc5.yahoo.com
    server deny name address1.pim.vip.mud.yahoo.com
    server deny name edit.messenger.yahoo.com
    server deny name messenger.yahoo.com
    server deny name http.pager.yahoo.com
    server deny name privacy.yahoo.com
    server deny name csa.yahoo.com
    server deny name csb.yahoo.com
    server deny name csc.yahoo.com
    audit-trail on

参考
HTTP Inspection Engine  http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/h_fwapc.html
Cisco IOS Security Configuration Guide, Release 12.4
http://www.cisco.com/en/US/docs/ios/12_4/secure/configuration/guide/hsec_c.html
阅读(1678) | 评论(0) | 转发(0) |
给主人留下些什么吧!~~