悬赏主题
各位帮看看这个配置,是否有问题啊??补充资料#
sysname 46-20 # firewall enable # nat address-group 1 221.7.221.87 221.7.221.88 # radius scheme system # domain system # local-user yhxy password cipher ^^WB,CS)GKCQ=^Q`MAF4<1!! service-type telnet level 3 # traffic classifier p2pin operator or if-match acl 3100 # traffic behavior p2pin car cir 8000 cbs 8000 ebs 0 green pass red discard # qos policy p2pin classifier p2pin behavior p2pin # acl number 2000 rule 0 permit source 192.168.0.0 0.0.255.255 rule 10 deny # acl number 3000 rule 0 deny ip destination 222.76.215.10 0 rule 1 deny ip destination 219.157.11.83 0 rule 2 deny ip destination 211.161.159.90 0 rule 3 deny ip destination 61.152.116.72 0 rule 4 deny ip destination 82.110.105.18 0 rule 5 deny ip destination 61.145.112.13 0 rule 6 deny ip destination 219.150.221.60 0 rule 7 deny ip destination 218.93.124.228 0 rule 8 deny ip destination 61.152.198.41 0 rule 9 deny ip destination 61.152.107.126 0 rule 10 deny ip destination 61.139.55.84 0 rule 11 deny ip destination 202.107.245.44 0 rule 12 deny ip destination 211.95.79.56 0 rule 13 deny ip destination 202.107.209.172 0 rule 14 deny ip destination 221.238.193.5 0 rule 15 deny ip destination 61.184.100.8 0 rule 16 deny ip destination 61.242.169.39 0 rule 17 deny ip destination 202.105.31.85 0 rule 18 deny ip destination 221.238.195.5 0 rule 19 deny ip destination 210.51.188.126 0 rule 20 deny ip destination 219.148.223.23 0 rule 21 deny ip destination 221.229.121.109 0 rule 23 deny ip destination 222.173.30.4 0 rule 24 deny ip destination 61.134.26.159 0 rule 25 deny ip destination 220.169.62.4 0 rule 26 deny ip destination 202.102.48.42 0 rule 27 deny ip destination 202.101.235.119 0 rule 28 deny ip destination 211.95.79.152 0 rule 29 deny ip destination 221.10.254.244 0 rule 30 deny ip destination 61.129.77.135 0 rule 31 deny ip destination 61.129.77.167 0 rule 32 deny ip destination 221.208.208.199 0 rule 33 deny ip destination 219.153.14.206 0 rule 34 deny ip destination 61.129.92.33 0 rule 35 deny ip destination 202.107.225.38 0 rule 36 deny ip destination 61.152.91.8 0 rule 37 deny ip destination 61.172.203.140 0 rule 38 deny ip destination 219.153.18.230 0 rule 39 deny ip destination 61.172.246.62 0 rule 40 deny ip destination 61.129.51.59 0 rule 41 deny ip destination 220.189.243.242 0 rule 42 deny ip destination 218.244.143.84 0 rule 43 deny ip destination 218.92.172.142 0 rule 44 deny ip destination 61.233.41.148 0 rule 45 deny ip destination 219.140.253.2 0 rule 46 deny ip destination 210.188.203.100 0 rule 47 deny ip destination 72.22.69.92 0 rule 48 deny ip destination 61.155.22.107 0 rule 49 deny ip destination 218.22.1.133 0 rule 50 deny ip destination 222.91.99.38 0 rule 51 deny ip destination 219.145.107.240 0 rule 52 deny ip destination 61.129.102.211 0 rule 53 deny ip destination 202.96.116.60 0 rule 54 deny ip destination 218.5.17.110 0 rule 55 deny ip destination 210.51.214.74 0 rule 56 deny ip destination 202.109.122.16 0 rule 57 deny ip destination 202.100.66.166 0 rule 58 deny ip destination 61.144.253.228 0 rule 59 deny ip destination 220.189.249.182 0 rule 60 deny ip destination 219.145.107.112 0 rule 61 deny ip destination 61.141.32.6 0 rule 62 deny ip destination 61.129.251.246 0 rule 63 deny ip destination 222.35.58.109 0 rule 64 deny ip destination 61.129.254.185 0 rule 65 deny ip destination 216.8.177.28 0 rule 66 deny ip destination 219.148.87.71 0 rule 67 deny ip destination 210.51.170.68 0 rule 69 deny ip destination 61.152.144.252 0 rule 73 deny ip destination 218.93.205.100 0 rule 74 deny ip destination 219.145.107.239 0 rule 75 deny ip destination 218.200.117.163 0 rule 76 deny ip destination 61.129.47.156 0 rule 77 deny ip destination 60.191.243.38 0 rule 78 deny ip destination 219.146.159.57 0 rule 79 deny ip destination 61.153.8.12 0 rule 80 deny ip destination 61.138.213.249 0 rule 81 deny ip destination 61.152.146.195 0 rule 82 deny ip destination 61.175.209.99 0 acl number 3001 rule 0 deny ip source 192.168.80.0 0.0.0.255 time-range huawei1 rule 1 deny ip source 192.168.80.0 0.0.0.255 time-range huawei2 rule 2 deny ip source 192.168.81.0 0.0.0.255 time-range huawei1 rule 3 deny ip source 192.168.81.0 0.0.0.255 time-range huawei2 rule 4 deny ip source 192.168.82.0 0.0.0.255 time-range huawei1 rule 5 deny ip source 192.168.82.0 0.0.0.255 time-range huawei2 rule 6 deny ip source 192.168.88.0 0.0.0.255 time-range huawei1 rule 7 deny ip source 192.168.88.0 0.0.0.255 time-range huawei2 rule 8 deny ip source 192.168.89.0 0.0.0.255 time-range huawei1 rule 9 deny ip source 192.168.89.0 0.0.0.255 time-range huawei2 rule 11 deny ip source 192.168.90.0 0.0.0.255 time-range huawei1 rule 12 deny ip source 192.168.90.0 0.0.0.255 time-range huawei2 rule 13 deny ip source 192.168.91.0 0.0.0.255 time-range huawei1 rule 14 deny ip source 192.168.91.0 0.0.0.255 time-range huawei2 acl number 3003 rule 0 deny icmp rule 1 deny tcp destination-port eq 554 rule 2 deny tcp destination-port eq 1022 rule 3 deny tcp destination-port eq 1023 rule 6 deny tcp destination-port eq 2745 rule 7 deny tcp destination-port eq 3140 rule 8 deny tcp destination-port eq 4444 rule 9 deny tcp destination-port eq 4662 rule 10 deny tcp destination-port eq 5554 rule 11 deny udp destination-port eq 6666 rule 12 deny tcp destination-port eq 7626 rule 13 deny tcp destination-port eq 9493 rule 14 deny tcp destination-port eq 9996 rule 15 deny tcp destination-port eq 17300 rule 16 deny tcp destination-port eq 29853 rule 17 deny udp destination-port eq 29853 rule 18 deny tcp destination-port eq 135 rule 19 deny udp destination-port eq 135 rule 20 deny tcp destination-port eq 445 rule 21 deny udp destination-port eq netbios-ns rule 22 deny udp destination-port eq netbios-dgm rule 23 deny tcp destination-port eq 139 rule 24 deny udp destination-port eq netbios-ssn rule 25 deny udp destination-port eq 445 rule 26 deny tcp destination-port eq 593 rule 27 deny udp destination-port eq 593 rule 31 deny tcp destination-port eq 6969 rule 32 deny tcp destination-port range 6881 6889 acl number 3100 rule 1000 permit tcp destination-port gt 6000 rule 1010 permit udp destination-port gt 6000 acl number 3999 rule 0 deny ip source 0.0.0.0 255.255.255.0 time-range huawei1 # interface Aux0 async mode flow # interface Ethernet0/0/0 ip address 192.168.250.10 255.255.255.0 firewall packet-filter 3001 inbound # interface Ethernet0/0/1 ip address 221.7.221.87 255.255.255.98 firewall packet-filter 3003 inbound firewall packet-filter 3000 outbound nat outbound 2000 address-group 1 qos apply policy p2pin inbound # interface NULL0 # time-range huawei1 23:00 to 24:00 Thu Wed Tue Mon Sun time-range huawei2 00:00 to 08:00 Thu Wed Tue Mon Sun # FTP server enable # telnet source-interface Ethernet0/0/0 # ip route-static 0.0.0.0 0.0.0.0 221.7.221.1 preference 60 ip route-static 192.168.0.0 255.255.0.0 192.168.250.1 preference 60 ip route-static 192.168.100.100 255.255.255.255 Ethernet 0/0/1 preference 60 # user-interface con 0 user-interface aux 0 set authentication password cipher [url=mailto:7=S@*E1]N=/Q=^Q`MAF4<1]7=S@*E1]N=/Q=^Q`MAF4<1[/url]!! user-interface vty 0 4 authentication-mode scheme # return
最佳答案 ( 回答者: skywalkerlt )
学习以下
|
|
|
|
