2024年6月13日发(作者:)
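#
# Global settings of the published H3C firewall configuration.
# The listing was extracted with lines of random characters interleaved and
# with some commands merged or cut; the commands below are the ones visible
# on the page, one per line, with the noise dropped.
#
sysname H3C
#
# NOTE(review): this switches the information center (device logging) off.
# With logging disabled, the packet filter and attack-defence features below
# have nowhere to report what they drop. Enable it and forward logs to a
# collector if events on this device need to be investigated later.
undo info-center enable
#
firewall packet-filter enable
#
# NAT session aging timers, per protocol/state.
# NOTE(review): unit is presumably seconds - confirm against the platform manual.
nat aging-time tcp 300
nat aging-time pptp 300
nat aging-time dns 10
nat aging-time ftp-ctrl 300
nat aging-time tcp-fin 10
nat aging-time tcp-syn 10
#
# The device does not send ICMP redirect or ICMP unreachable messages.
undo icmp redirect send
undo icmp unreach send
#
ip user-based-sharing enable
ip user-based-sharing route 0.0.0.0 0.0.0.0
#
firewall defend enable
#
flow-interval 5
#
# CAR lists: each address in the range is matched individually (per-address).
# Lists 1-4 are referenced by the `qos car` commands on GigabitEthernet1/0.
# List 4 was cut to "per-addres" in the published listing; restored to match
# lists 1-3.
qos carl 1 source-ip-address range 192.168.0.1 to 192.168.0.240 per-address
qos carl 2 destination-ip-address range 192.168.0.1 to 192.168.0.240 per-address
qos carl 3 source-ip-address range 192.168.1.1 to 192.168.1.240 per-address
qos carl 4 destination-ip-address range 192.168.1.1 to 192.168.1.240 per-address
#
dns server 202.96.128.86
dns server 202.96.128.166
#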
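radius scheme system
#
domain system
#
# Local administrator account.
# NOTE(review): `password simple` keeps the password readable in the saved
# configuration, and the value is printed in this published listing. Treat it
# as disclosed and change it on any device that uses it; `password cipher`
# stores the password as ciphertext instead.
# NOTE(review): the account may only log in over Telnet, which carries the
# credentials in cleartext, and `level 3` is the highest command level. Prefer
# `service-type ssh` and the lowest level the operator actually needs.
local-user admin
 password simple adminsjwl
 service-type telnet
 level 3
#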
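# ACL 2000 (basic): matches sources in 192.168.0.0 with wildcard 0.0.1.255,
# i.e. 192.168.0.0-192.168.1.255. Referenced by `nat outbound 2000` on
# GigabitEthernet2/0 and GigabitEthernet3/0.
acl number 2000
 rule 0 permit source 192.168.0.0 0.0.1.255
#
# ACL 3101: applied inbound on GigabitEthernet1/0 (the 192.168.x.x side).
# The published listing had these rules split across lines and mixed with the
# start of ACL 3102; they are reassembled here in ascending rule ID.
#   10-40     allow echo, echo-reply and ttl-exceeded, drop all other ICMP
#   110-200   drop Windows RPC / NetBIOS / SMB ports (135, 137-139, 445, 593)
#   210-220   drop SQL Server ports (1433, 1434)
#   230-280   drop further TCP ports, presumably ones used by worms of the
#             period - NOTE(review): confirm the list is still wanted
#   2000      allow any other IP traffic sourced from 192.168.0.0-192.168.1.255
#   3000      drop everything else
acl number 3101
 rule 10 permit icmp icmp-type echo
 rule 20 permit icmp icmp-type echo-reply
 rule 30 permit icmp icmp-type ttl-exceeded
 rule 40 deny icmp
 rule 110 deny tcp destination-port eq 135
 rule 120 deny udp destination-port eq 135
 rule 130 deny udp destination-port eq netbios-ns
 rule 140 deny udp destination-port eq netbios-dgm
 rule 150 deny tcp destination-port eq 139
 rule 160 deny udp destination-port eq netbios-ssn
 rule 170 deny tcp destination-port eq 445
 rule 180 deny udp destination-port eq 445
 rule 190 deny udp destination-port eq 593
 rule 200 deny tcp destination-port eq 593
 rule 210 deny tcp destination-port eq 1433
 rule 220 deny tcp destination-port eq 1434
 rule 230 deny tcp destination-port eq 4444
 rule 240 deny tcp destination-port eq 1025
 rule 250 deny tcp destination-port eq 1068
 rule 260 deny tcp destination-port eq 707
 rule 270 deny tcp destination-port eq 5554
 rule 280 deny tcp destination-port eq 9996
 rule 2000 permit ip source 192.168.0.0 0.0.1.255
 rule 3000 deny ip
#
# ACL 3102: applied inbound on GigabitEthernet2/0 (untrust zone).
# Same ICMP and port filters as ACL 3101; rules 220 and 230 appeared out of
# order in the published listing and are put back in ascending rule ID.
# NOTE(review): rule 2010 permits TCP port 23 with no source or destination
# restriction on an Internet-facing interface. Telnet is unencrypted, and the
# rule would also cover the device's own addresses - confirm whether WAN-side
# Telnet management is intended; if it is, limit the source addresses and
# move management to SSH.
acl number 3102
 rule 10 permit icmp icmp-type echo
 rule 20 permit icmp icmp-type echo-reply
 rule 30 permit icmp icmp-type ttl-exceeded
 rule 40 deny icmp
 rule 110 deny tcp destination-port eq 135
 rule 120 deny udp destination-port eq 135
 rule 130 deny udp destination-port eq netbios-ns
 rule 140 deny udp destination-port eq netbios-dgm
 rule 150 deny tcp destination-port eq 139
 rule 160 deny udp destination-port eq netbios-ssn
 rule 170 deny tcp destination-port eq 445
 rule 180 deny udp destination-port eq 445
 rule 190 deny udp destination-port eq 593
 rule 200 deny tcp destination-port eq 593
 rule 210 deny tcp destination-port eq 1433
 rule 220 deny tcp destination-port eq 1434
 rule 230 deny tcp destination-port eq 4444
 rule 240 deny tcp destination-port eq 1025
 rule 250 deny tcp destination-port eq 1068
 rule 260 deny tcp destination-port eq 707
 rule 270 deny tcp destination-port eq 5554
 rule 280 deny tcp destination-port eq 9996
 rule 2000 permit ip destination 192.168.0.0 0.0.1.255
 rule 2010 permit tcp destination-port eq telnet
 rule 3000 deny ip
#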
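# ACL 3103: applied inbound on GigabitEthernet3/0 (untrust zone).
# Rules 170, 190, 210, 260 and 2000 were split across lines in the published
# listing; they are rejoined here and listed in ascending rule ID.
#   10-40     allow echo, echo-reply and ttl-exceeded, drop all other ICMP
#   110-280   drop the listed TCP/UDP destination ports
#   2000      allow IP traffic destined to 192.168.0.0-192.168.1.255
#   2010      allow TCP port 23 (Telnet) to any destination
#   3000      drop everything else
# NOTE(review): rule 2010 has no source or destination restriction and sits on
# an Internet-facing interface. Telnet is unencrypted; confirm whether WAN-side
# Telnet is intended, and if so limit the source addresses and move to SSH.
acl number 3103
 rule 10 permit icmp icmp-type echo
 rule 20 permit icmp icmp-type echo-reply
 rule 30 permit icmp icmp-type ttl-exceeded
 rule 40 deny icmp
 rule 110 deny tcp destination-port eq 135
 rule 120 deny udp destination-port eq 135
 rule 130 deny udp destination-port eq netbios-ns
 rule 140 deny udp destination-port eq netbios-dgm
 rule 150 deny tcp destination-port eq 139
 rule 160 deny udp destination-port eq netbios-ssn
 rule 170 deny tcp destination-port eq 445
 rule 180 deny udp destination-port eq 445
 rule 190 deny udp destination-port eq 593
 rule 200 deny tcp destination-port eq 593
 rule 210 deny tcp destination-port eq 1433
 rule 220 deny tcp destination-port eq 1434
 rule 230 deny tcp destination-port eq 4444
 rule 240 deny tcp destination-port eq 1025
 rule 250 deny tcp destination-port eq 1068
 rule 260 deny tcp destination-port eq 707
 rule 270 deny tcp destination-port eq 5554
 rule 280 deny tcp destination-port eq 9996
 rule 2000 permit ip destination 192.168.0.0 0.0.1.255
 rule 2010 permit tcp destination-port eq telnet
 rule 3000 deny ip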
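#
# Interfaces. Extraction noise is dropped and merged `qos car` lines are split
# back into one command per line.
# NOTE(review): in the published listing `async mode flow` appeared after the
# GigabitEthernet1/0 header; it is an asynchronous-serial setting and is placed
# under Aux0 here - confirm against the device.
interface Aux0
 async mode flow
#
# Inside interface: 192.168.1.254 with mask 255.255.254.0, filtered inbound by
# ACL 3101 and rate-limited per address through CAR lists 1-4.
interface GigabitEthernet1/0
 ip address 192.168.1.254 255.255.254.0
 arp send-gratuitous-arp 1
 firewall packet-filter 3101 inbound
 qos car inbound carl 1 cir 800000 cbs 800000 ebs 0 green pass red discard
 qos car inbound carl 3 cir 800000 cbs 800000 ebs 0 green pass red discard
 qos car outbound carl 2 cir 800000 cbs 800000 ebs 0 green pass red discard
 qos car outbound carl 4 cir 800000 cbs 800000 ebs 0 green pass red discard
#
# Uplink 1: filtered inbound by ACL 3102, NAT for sources matched by ACL 2000.
interface GigabitEthernet2/0
 loadbandwidth 10240
 ip address 125.93.77.202 255.255.255.248
 arp send-gratuitous-arp 1
 firewall packet-filter 3102 inbound
 nat outbound 2000
#
# Uplink 2: filtered inbound by ACL 3103, NAT for sources matched by ACL 2000.
# The published listing had a stray separator before the address line; the
# address is kept under this interface because the static default route's next
# hop 125.93.66.209 lies in the same 255.255.255.252 subnet.
interface GigabitEthernet3/0
 loadbandwidth 2048
 ip address 125.93.66.210 255.255.255.252
 firewall packet-filter 3103 inbound
 nat outbound 2000
#
interface GigabitEthernet4/0
#
interface NULL0
#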
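# Security zones and their priorities. GigabitEthernet1/0 and 4/0 are in the
# trust zone; the two uplinks, GigabitEthernet2/0 and 3/0, are in untrust.
# The DMZ zone is defined but has no interface assigned in this listing.
firewall zone local
 set priority 100
#
firewall zone trust
 add interface GigabitEthernet1/0
 add interface GigabitEthernet4/0
 set priority 85
#
firewall zone untrust
 add interface GigabitEthernet2/0
 add interface GigabitEthernet3/0
 set priority 5
#
firewall zone DMZ
 set priority 50
#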
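undo dhcp enable
#
# Two default routes with the same preference, one per uplink
# (125.93.77.201 via GigabitEthernet2/0's subnet, 125.93.66.209 via 3/0's).
# The private and link-local ranges are routed to NULL 0, so traffic to those
# destinations that has no more specific route is discarded instead of
# following a default route out of an uplink. The connected subnet on
# GigabitEthernet1/0 is more specific than 192.168.0.0 255.255.0.0 and is
# therefore still reachable.
ip route-static 0.0.0.0 0.0.0.0 125.93.77.201 preference 60
ip route-static 0.0.0.0 0.0.0.0 125.93.66.209 preference 60
ip route-static 10.0.0.0 255.0.0.0 NULL 0 preference 60
ip route-static 169.254.0.0 255.255.0.0 NULL 0 preference 60
ip route-static 172.16.0.0 255.240.0.0 NULL 0 preference 60
ip route-static 192.168.0.0 255.255.0.0 NULL 0 preference 60
#
# Attack-defence features, one command per attack type.
# NOTE(review): `undo info-center enable` earlier in this configuration turns
# device logging off, so detections made here are presumably not logged -
# confirm and enable logging if these events should be visible.
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
# Flood protection is enabled globally and then bound to both zones.
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend syn-flood zone trust
firewall defend udp-flood zone trust
firewall defend icmp-flood zone trust
firewall defend syn-flood zone untrust
firewall defend udp-flood zone untrust
firewall defend icmp-flood zone untrust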
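#
# Management lines. The merged commands of the published listing are split
# back into one command per line.
user-interface con 0
user-interface aux 0
# NOTE(review): the five VTY lines accept Telnet only, so every remote login
# sends the username and password unencrypted, and ACLs 3102/3103 permit TCP
# port 23 on the uplinks. Prefer `protocol inbound ssh`, and bind an ACL to
# these lines so that only known management addresses can connect.
# NOTE(review): `idle-timeout 100 0` presumably keeps an idle session open for
# 100 minutes - confirm, and shorten it for remote management lines.
user-interface vty 0 4
 authentication-mode scheme
 idle-timeout 100 0
 protocol inbound telnet
#
return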