这是一段关于网络安全的配置说明,主要涉及ACL规则,用于允许特定的TCP和UDP流量到192.168.102.20的445端口,同时阻止了多个与WANA(WannaCry)勒索软件相关的端口,包括135, 137-139和445。配置还包括了一个anti_wana的流量分类器、行为和QoS策略,用于全局的进出流量控制。
acl advanced 3100
rule 10 permit tcp destination 192.168.102.2 0 destination-port eq 445
rule 11 permit udp destination 192.168.102.2 0 destination-port eq 445
rule 105 deny tcp destination-port eq 135
rule 106 deny tcp destination-port eq 137
rule 107 deny tcp destination-port eq 138
rule 108 deny tcp destination-port eq 139
rule 109 deny udp destination-port eq 135
rule 120 deny udp destination-port eq 137
rule 121 deny udp destination-port eq 138
rule 122 deny udp destination-port eq 139
rule 123 deny udp destination-port eq 445
rule 124 deny tcp destination-port eq 445
#
traffic classifier anti_wana operator and
if-match acl 3100
#
traffic behavior anti_wana
filter deny
#
qos policy anti_wana
classifier anti_wana behavior anti_wana
#
qos apply policy anti_wana global inbound
qos apply policy anti_wana global outbound
1495
被折叠的 条评论
为什么被折叠?
到【灌水乐园】发言
