Define the address entries to block

set security zones security-zone untrust address-book address yuku-web dns-name www.youku.com
set security zones security-zone untrust address-book address sina-web dns-name www.sina.com.cn
set security zones security-zone untrust address-book address tudou-web dns-name www.tudou.com
set security zones security-zone untrust address-book address v-sohu dns-name v.sohu.com
set security zones security-zone untrust address-book address ku6-web dns-name www.ku6.com

Add these elements to a group:
set security zones security-zone untrust address-book address-set block-web address yuku-web
set security zones security-zone untrust address-book address-set block-web address v-sohu
set security zones security-zone untrust address-book address-set block-web address tudou-web
set security zones security-zone untrust address-book address-set block-web address ku6-web

Policy:

set security policies from-zone trust to-zone untrust policy block-web match source-address any
set security policies from-zone trust to-zone untrust policy block-web match destination-address block-web
set security policies from-zone trust to-zone untrust policy block-web match application any
set security policies from-zone trust to-zone untrust policy block-web then deny
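
An added example, not part of the original page: a small Python check that parses the set commands above and reports address-book entries that no address-set or policy references, as well as references to names that were never defined. Run on this page's commands it reports sina-web, which is defined but is not a member of block-web, so the deny policy does not match www.sina.com.cn. The function name and finding labels are the example's own.

```python
import re

# The page's set commands, embedded so the check runs offline.
CONFIG = """\
set security zones security-zone untrust address-book address yuku-web dns-name www.youku.com
set security zones security-zone untrust address-book address sina-web dns-name www.sina.com.cn
set security zones security-zone untrust address-book address tudou-web dns-name www.tudou.com
set security zones security-zone untrust address-book address v-sohu dns-name v.sohu.com
set security zones security-zone untrust address-book address ku6-web dns-name www.ku6.com
set security zones security-zone untrust address-book address-set block-web address yuku-web
set security zones security-zone untrust address-book address-set block-web address v-sohu
set security zones security-zone untrust address-book address-set block-web address tudou-web
set security zones security-zone untrust address-book address-set block-web address ku6-web
set security policies from-zone trust to-zone untrust policy block-web match source-address any
set security policies from-zone trust to-zone untrust policy block-web match destination-address block-web
set security policies from-zone trust to-zone untrust policy block-web match application any
set security policies from-zone trust to-zone untrust policy block-web then deny
"""

BOOK = r"^set security zones security-zone (\S+) address-book "
ADDR = re.compile(BOOK + r"address (\S+) ")
MEMBER = re.compile(BOOK + r"address-set (\S+) address (\S+)")
DEST = re.compile(r"^set security policies from-zone \S+ to-zone (\S+) policy (\S+) match destination-address (\S+)")
BUILTIN = {"any", "any-ipv4", "any-ipv6"}  # predefined Junos addresses

def audit(config):
    """Return sorted findings about address objects a policy cannot reach."""
    defined, members, dests = set(), [], []
    for line in map(str.strip, config.splitlines()):
        if m := ADDR.match(line):
            defined.add((m[1], m[2]))
        elif m := MEMBER.match(line):
            members.append((m[1], m[2], m[3]))
        elif m := DEST.match(line):
            dests.append((m[1], m[2], m[3]))
    sets = {(zone, name) for zone, name, _ in members}
    # Address-set members that were never defined in the same zone.
    findings = [("undefined-member", zone, addr)
                for zone, _, addr in members if (zone, addr) not in defined]
    # Policy destinations that name neither an address nor an address-set.
    findings += [("undefined-destination", zone, dest) for zone, _, dest in dests
                 if dest not in BUILTIN and (zone, dest) not in defined | sets]
    # Defined addresses that no set and no policy references.
    used = {(z, a) for z, _, a in members} | {(z, d) for z, _, d in dests}
    findings += [("unreferenced-address", z, a) for z, a in defined - used]
    return sorted(findings)

if __name__ == "__main__":
    print(*audit(CONFIG), sep="\n")
```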