系统集成论坛
标题:
经典华为防火墙配置
[打印本页]
作者:
IT民工
时间:
2010-4-14 16:57
标题:
经典华为防火墙配置
#
sysname Eudemon
#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone trust untrust direction inbound
firewall packet-filter default permit interzone trust untrust direction outbound
#
nat alg enable ftp
nat alg enable dns
nat alg enable icmp
nat alg enable netbios
undo nat alg enable h323
undo nat alg enable hwcc
undo nat alg enable ils
undo nat alg enable pptp
undo nat alg enable qq
undo nat alg enable msn
undo nat alg enable user-define
undo nat alg enable sip
#
firewall mode transparent
firewall unknown-mac unicast flood
firewall unknown-mac broadcast flood
firewall unknown-mac multicast flood
#
firewall defend land enable
firewall defend smurf enable
firewall defend fraggle enable
firewall defend winnuke enable
firewall defend icmp-redirect enable
firewall defend icmp-unreachable enable
firewall defend source-route enable
firewall defend route-record enable
firewall defend tracert enable
firewall defend time-stamp enable
firewall defend ping-of-death enable
firewall defend teardrop enable
firewall defend tcp-flag enable
firewall defend ip-fragment enable
firewall defend large-icmp enable
#
interface Aux0
async mode flow
link-protocol ppp
#
interface Ethernet0/0
#
interface Ethernet1/0
#
interface NULL0
#
interface LoopBack0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet0/0
set priority 85
#
firewall zone untrust
add interface Ethernet1/0
set priority 5
#
firewall zone dmz
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local dmz
#
firewall interzone trust untrust
#
firewall interzone trust dmz
#
firewall interzone dmz untrust
#
aaa
authentication-scheme default
#
authorization-scheme default
#
accounting-scheme default
#
domain default
#
#
user-interface con 0
user-interface aux 0
user-interface vty 0 4
#
return
作者:
workers2
时间:
2010-4-15 10:54
不错呀,看来是行家呀
作者:
zzq294976015
时间:
2010-5-6 16:09
不错
作者:
佳友-孙梦娇
时间:
2011-10-18 11:33
英翔信通(北京)网络科技发展有限公司 我们公司主要代理H3C 华为 渠道代理商 (华为交换机、华为路由器、华为防火墙、华为模块接口卡)、H3C(H3C交换机、H3C路由器、H3C防火墙、H3C模块接口卡)、思科(CISCO交换机、CISCO路由器、CISCO防火墙、CISCO模块接口卡)全线网络产品。专业渠道销售,如果您有需求这方面的产品 可以与我联系 ,价格绝对好,,联系电话:51288157-803 手机:13164237132 QQ:992504381 李勇海
不错 希望大家可以支持一下啊
作者:
毅铭
时间:
2011-10-29 17:54
不错
欢迎光临 系统集成论坛 (http://bbs.xtjc.com/)
Powered by Discuz! X3.1