acl number 6000

rule 10 deny tcp source-port eq 137
rule 20 deny tcp source-port eq exec
rule 30 deny tcp destination-port eq 135
rule 40 deny tcp destination-port eq 136
rule 50 deny tcp destination-port eq 137
rule 60 deny tcp destination-port eq 138
rule 80 deny tcp destination-port eq 213
rule 100 deny tcp destination-port eq 593
rule 120 deny tcp destination-port eq 2644
rule 130 deny tcp destination-port eq 2645
rule 140 deny tcp destination-port eq 2745
rule 150 deny tcp destination-port eq 3127
rule 160 deny tcp destination-port eq 3128
rule 170 deny tcp destination-port eq 4444
rule 180 deny tcp destination-port eq 5554
rule 190 deny tcp destination-port eq 5800
rule 200 deny tcp destination-port eq 6129
rule 210 deny tcp destination-port eq 6667
rule 220 deny tcp destination-port eq 9995
rule 230 deny tcp destination-port eq 9996
rule 250 deny udp destination-port eq 135
rule 260 deny udp destination-port eq 213
rule 270 deny udp destination-port eq 445
rule 280 deny udp destination-port eq 1434
rule 290 deny udp destination-port eq 2644
rule 300 deny udp destination-port eq 2645
rule 330 deny udp destination-port eq netbios-ssn
rule 340 deny ip source user-group help destination ip-address any
rule 350 deny ip source user-group iptv destination ip-address any
#
acl number 6001
rule 5 permit ip source user-group iptv destination ip-address 10.109.120.0 0.0.0.255
rule 10 permit ip source user-group iptv destination ip-address 125.46.37.128 0.0.0.127
rule 15 permit ip source user-group iptv destination ip-address 61.168.220.0 0.0.3.255
rule 20 permit ip source user-group iptv destination ip-address 61.168.224.0 0.0.7.255
rule 25 permit ip source user-group iptv destination ip-address 61.158.208.0 0.0.15.255
rule 30 permit ip source user-group iptv destination ip-address 61.158.200.0 0.0.7.255
rule 35 permit ip source user-group iptv destination ip-address 202.102.224.68 0
rule 40 permit ip source user-group iptv destination ip-address 202.102.227.68 0
rule 45 permit ip source user-group iptv destination ip-address 61.158.216.0 0.0.0.255
#
acl number 6002
rule 5 permit ip source user-group help destination ip-address 218.29.0.252 0
rule 10 permit ip source user-group help destination ip-address 202.102.224.68 0
rule 15 permit ip source user-group help destination ip-address 202.102.227.68 0
rule 20 permit ip source user-group help destination ip-address 61.168.222.106 0
#
traffic classifier limit operator or
if-match acl 6000 // define classifier "limit": matches traffic hitting ACL 6000

traffic classifier action operator or // define classifier "action": matches traffic hitting ACL 6001 or ACL 6002
if-match acl 6002
if-match acl 6001
#
traffic behavior limit // define behavior "limit": deny
deny
traffic behavior action // define behavior "action": permit by default
#
traffic policy limit // define policy "limit"
classifier action behavior action // evaluated first: permit traffic in class "action" (matches ACL 6001 or 6002)
classifier limit behavior limit    // evaluated next: deny traffic in class "limit" (matches ACL 6000)

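// Traffic that matches no defined class is permitted by default

What remains is to apply this traffic-policy on an interface (NE-series routers) or globally (ME-series BAS devices).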
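The evaluation order described in the comments above, modelled as an added Python example (not part of the original configuration and not vendor code). It assumes first-match semantics across classifiers in the order they are bound to the policy, re-types only a subset of the page's rules, and uses constructed packets; all function and field names are hypothetical.

```python
import ipaddress

# Assumption: the first classifier (in policy order) with a matching ACL rule decides.
# Subset of the page's rules: (action, proto, user_group, dst, wildcard, dst_port).
ACLS = {
    6000: [("deny", "tcp", None, None, None, 135),
           ("deny", "udp", None, None, None, 1434),
           ("deny", "ip", "help", None, None, None),
           ("deny", "ip", "iptv", None, None, None)],
    6001: [("permit", "ip", "iptv", "10.109.120.0", "0.0.0.255", None),
           ("permit", "ip", "iptv", "61.168.220.0", "0.0.3.255", None)],
    6002: [("permit", "ip", "help", "218.29.0.252", "0.0.0.0", None)],
}
# Classifier -> ACLs (operator or), behaviors, and binding order as on the page.
CLASSIFIERS = {"action": [6002, 6001], "limit": [6000]}
BEHAVIORS = {"action": "permit", "limit": "deny"}
POLICY_ORDER = ["action", "limit"]

def wildcard_match(addr, base, wildcard):
    """Wildcard-mask compare: bits set in the wildcard are 'don't care'."""
    a, b, w = (int(ipaddress.IPv4Address(x)) for x in (addr, base, wildcard))
    return ((a ^ b) & ~w & 0xFFFFFFFF) == 0

def rule_hits(rule, pkt):
    _, proto, group, dst, wc, dport = rule
    return ((proto == "ip" or proto == pkt["proto"])
            and (group is None or group == pkt["group"])
            and (dst is None or wildcard_match(pkt["dst"], dst, wc))
            and (dport is None or dport == pkt["dport"]))

def evaluate(pkt):
    """Return (verdict, classifier, acl) for the first rule that hits."""
    for name in POLICY_ORDER:
        for acl in CLASSIFIERS[name]:
            for rule in ACLS[acl]:
                if rule_hits(rule, pkt):
                    deny = "deny" in (rule[0], BEHAVIORS[name])
                    return ("deny" if deny else "permit"), name, acl
    return "permit", None, None  # no class matched: forwarded by default

def packet(group, proto, dst, dport):
    return {"group": group, "proto": proto, "dst": dst, "dport": dport}

if __name__ == "__main__":
    # Constructed sample packets (documentation address 198.51.100.7 is not on the page).
    for p in (packet("iptv", "tcp", "10.109.120.9", 80),
              packet("iptv", "tcp", "198.51.100.7", 80),
              packet("iptv", "tcp", "61.168.223.7", 135),
              packet("other", "udp", "198.51.100.7", 1434)):
        print(p, "->", evaluate(p))
```

Under this model an iptv user reaching an ACL 6001 destination on TCP 135 is permitted, because class action is matched before the port filters in ACL 6000 are consulted; confirm that this is the intended result when reviewing the policy.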