H3C firewall ACL security rules (also applicable to routers), compiled from earlier configuration work and reference lookups
 
First, define advanced ACL 3000:
 
acl num 3000
 
rule 1 deny udp destination-port eq 69
rule 2 deny udp destination-port eq 135
rule 3 deny tcp destination-port eq 135
rule 4 deny udp destination-port eq 137
rule 5 deny udp destination-port eq 138
rule 6 deny udp destination-port eq 139
rule 7 deny tcp destination-port eq 139
rule 8 deny udp destination-port eq 445
rule 9 deny tcp destination-port eq 445
rule 10 deny udp destination-port eq 593
rule 11 deny tcp destination-port eq 593
rule 12 deny tcp destination-port eq 1022
rule 13 deny tcp destination-port eq 1023
rule 14 deny tcp destination-port eq 1025
rule 15 deny tcp source-port eq 1034 destination-port eq 80
rule 16 deny tcp destination-port eq 1068
rule 17 deny tcp destination-port eq 1433
rule 18 deny udp destination-port eq 1434
rule 19 deny tcp destination-port eq 1871
rule 20 deny tcp destination-port eq 2745
rule 21 deny tcp destination-port eq 3127
rule 22 deny tcp destination-port eq 3208
rule 23 deny tcp destination-port eq 4331
rule 24 deny tcp destination-port eq 4334
rule 25 deny tcp destination-port eq 4444
rule 26 deny tcp destination-port eq 4510
rule 27 deny tcp destination-port eq 4557
rule 28 deny tcp destination-port eq 5554
rule 29 deny tcp destination-port eq 5800
rule 30 deny tcp destination-port eq 5900
rule 31 deny tcp destination-port eq 6129
rule 32 deny tcp destination-port eq 6667
rule 33 deny tcp destination-port eq 9995
rule 34 deny tcp destination-port eq 9996
rule 35 deny tcp destination-port eq 10080
rule 36 deny udp source-port eq bootps
rule 37 permit icmp icmp-type echo
rule 38 permit icmp icmp-type echo-reply
rule 39 permit icmp icmp-type ttl-exceeded
rule 40 deny icmp
 
Apply this ACL to the inbound direction of the public-facing interface:
int eth0/0
firewall packet-filter 3000 inbound
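To check how a packet fares against this first-match list before it is pushed to the device, here is an added Python example; it is not part of the original page and not an H3C tool. It parses a constructed subset of the rules above (quoted verbatim from the list), evaluates sample packets in configuration order, and flags rules that are shadowed by an earlier, broader rule, which is the ordering mistake that would silently cancel the ICMP echo/echo-reply/ttl-exceeded permits if rule 40 came first. Two points are assumptions to confirm on the actual Comware release: the default action for packets that match no rule (here a parameter, defaulting to permit) and configuration-order matching rather than auto (depth-first) ordering.

```python
"""First-match evaluator for H3C-style advanced ACL rules (added example)."""

# Service names accepted in place of numeric ports; only the ones the example needs.
PORT_NAMES = {"bootps": 67, "bootpc": 68, "tftp": 69, "www": 80}

# Constructed subset of ACL 3000 from the page, in configuration order.
ACL_3000_SUBSET = """\
rule 1 deny udp destination-port eq 69
rule 9 deny tcp destination-port eq 445
rule 15 deny tcp source-port eq 1034 destination-port eq 80
rule 17 deny tcp destination-port eq 1433
rule 36 deny udp source-port eq bootps
rule 37 permit icmp icmp-type echo
rule 38 permit icmp icmp-type echo-reply
rule 39 permit icmp icmp-type ttl-exceeded
rule 40 deny icmp
"""

# Constructed mis-ordered variant: the catch-all ICMP deny precedes the permits.
ACL_MISORDERED = """\
rule 40 deny icmp
rule 37 permit icmp icmp-type echo
"""


def parse_rule(line):
    """Parse one 'rule N permit|deny proto [source-port eq X] [destination-port eq Y] [icmp-type T]' line."""
    tokens = line.split()
    if len(tokens) < 4 or tokens[0] != "rule":
        raise ValueError(f"not an ACL rule: {line!r}")
    rule = {"id": int(tokens[1]), "action": tokens[2], "proto": tokens[3],
            "src_port": None, "dst_port": None, "icmp_type": None}
    i = 4
    while i < len(tokens):
        key = tokens[i]
        if key in ("source-port", "destination-port"):
            if tokens[i + 1] != "eq":
                raise ValueError("only 'eq' port operator is supported in this example")
            port = tokens[i + 2]
            value = PORT_NAMES[port] if port in PORT_NAMES else int(port)
            rule["src_port" if key == "source-port" else "dst_port"] = value
            i += 3
        elif key == "icmp-type":
            rule["icmp_type"] = tokens[i + 1]
            i += 2
        else:
            raise ValueError(f"unsupported keyword {key!r} in {line!r}")
    return rule


def parse_acl(text):
    """Return the rules in the order they appear (config-order matching assumed)."""
    return [parse_rule(l) for l in text.splitlines() if l.strip().startswith("rule ")]


def matches(rule, pkt):
    """True if every field the rule specifies agrees with the packet."""
    if rule["proto"] != pkt["proto"]:
        return False
    for field in ("src_port", "dst_port", "icmp_type"):
        if rule[field] is not None and pkt.get(field) != rule[field]:
            return False
    return True


def evaluate(rules, pkt, default_action="permit"):
    """First matching rule decides; (action, rule id) or (default_action, None).

    default_action is an assumption: check what the device does with unmatched traffic.
    """
    for rule in rules:
        if matches(rule, pkt):
            return rule["action"], rule["id"]
    return default_action, None


def covers(broad, narrow):
    """True if every packet matching `narrow` would also match `broad`."""
    if broad["proto"] != narrow["proto"]:
        return False
    return all(broad[f] is None or broad[f] == narrow[f]
               for f in ("src_port", "dst_port", "icmp_type"))


def shadowed(rules):
    """IDs of rules that can never fire because an earlier rule covers them."""
    result = []
    for idx, rule in enumerate(rules):
        if any(covers(earlier, rule) for earlier in rules[:idx]):
            result.append(rule["id"])
    return result


if __name__ == "__main__":
    rules = parse_acl(ACL_3000_SUBSET)
    for pkt in ({"proto": "tcp", "dst_port": 445},
                {"proto": "tcp", "src_port": 40000, "dst_port": 80},
                {"proto": "icmp", "icmp_type": "echo"},
                {"proto": "icmp", "icmp_type": "timestamp-request"}):
        print(pkt, "->", evaluate(rules, pkt))
    print("shadowed in page order:", shadowed(rules))
    print("shadowed if rule 40 came first:", shadowed(parse_acl(ACL_MISORDERED)))
```

Run it as a script to see each sample packet's verdict; the shadow check is the part worth keeping in a pre-deployment review, since a `deny icmp` that slips above the permits produces no error on the device, only a silent loss of ping and traceroute replies.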