分类: 系统运维
2010-06-02 11:42:02
| inteface fa 0/1 |
| access-list 100 permit icmp any any echo-reply access-list 100 permit icmp any any time-exceeded access-list 100 permit icmp any any traceroute access-list 100 permit icmp any any unreachable access-list 100 permit icmp any any packet-too-big |
| access-list 105 deny ip host 255.255.255.255 any |
防止源广播 spoon deny (host 255.255.255.255) |
| access-list 111 deny ip host 0.0.0.0 any |
防止源 0 spoon |
| access-list 111 deny ip 127.0.0.0 0.255.255.255 any log |
防止源127spoon (deny 127.0.0.0/8 注意,不是host 127.0.0.1) 127.0.0.1是microsoft的 loop地址 |
| access-list 111 deny ip 224.0.0.0 0.255.255.255 any |
|
| 169.254.0.0 0.0.255.255 |
|
| no ip domain-lookup |
|
| ip dns server |
使ROUTER作为DNS SERVER |
| ip dns spooning |
enable使ROUTER对DNS query , request做应答 [acl] |
| ip urlfilter server ... |
enables your Cisco IOS firewall to interact with the Websense URL filtering software (cisco支持websense的一些功能, 两个公司的合作功能) |
