# NAT session aging timers (seconds). Shorter timeouts release translation
# entries sooner, so a burst of short-lived flows (scans, DNS storms,
# half-open SYNs) cannot pin NAT table space for long. tcp-syn / tcp-fin
# cover half-open and closing TCP sessions; dns covers the DNS fast path.
# NOTE(review): 300 s for established TCP is shorter than typical platform
# defaults, so idle long-lived sessions (e.g. an idle management or VPN
# connection) will be torn down after 5 minutes -- raise it if needed.
nat aging-time tcp 300
nat aging-time pptp 300
nat aging-time dns 10
nat aging-time ftp-ctrl 300
nat aging-time tcp-fin 10
nat aging-time tcp-syn 10
# Suppress router-generated ICMP messages.
# - redirect: the router no longer advertises alternative next hops to
#   hosts, which removes an ICMP-redirect based route-manipulation vector
#   on the LAN.
# - unreach: the router no longer answers with destination-unreachable,
#   which reduces what a scanner can learn about filtered/unused addresses.
# NOTE(review): the unreachable family includes "fragmentation needed"
# (type 3, code 4). If this platform suppresses that message as well,
# path-MTU discovery through the router may break on links with a
# reduced MTU -- confirm before deploying.
undo icmp redirect send
undo icmp unreach send
# Disable services that are not needed on this device, shrinking the
# listening surface: RADIUS client, the local AAA server, the DHCP
# service and the FTP server.
undo radius client
undo local-server
undo dhcp enable
undo ftp server
# Remote management: VTY lines 0-4 accept Telnet only.
# NOTE(review): Telnet carries credentials in cleartext, and ACL 3102
# below (rule 2010) permits TCP/23 from any WAN source, so this login
# prompt is reachable from the Internet. Prefer SSH where the platform
# supports it, and bind an inbound ACL and an authentication mode to
# these VTY lines (not shown here -- confirm they are set elsewhere).
user-interface vty 0 4
protocol inbound telnet
# Black-hole routes for private and link-local ranges: packets to these
# prefixes that match no more specific route are discarded on NULL 0
# instead of following the default route out of the WAN, keeping RFC 1918
# leakage off the uplink. preference 60 is the normal static-route
# preference. A directly connected LAN prefix (e.g. 192.168.1.0/24 as
# used in the ACLs below) is more specific than 192.168.0.0/16 and is
# therefore unaffected.
ip route-static 10.0.0.0 255.0.0.0 NULL 0 preference 60
ip route-static 169.254.0.0 255.255.0.0 NULL 0 preference 60
ip route-static 172.16.0.0 255.240.0.0 NULL 0 preference 60
ip route-static 192.168.0.0 255.255.0.0 NULL 0 preference 60
# NTP time sources (for models such as the AR182X that have no real-time
# clock circuit). Correct time is required for usable log timestamps and
# for any time-based checks; two servers give a fallback. Both addresses
# are also opened on the WAN filter (ACL 3102, rules 2020/2030).
# NOTE(review): no NTP authentication is configured here, so a spoofed
# server reply could skew the clock -- add it if the platform supports it.
ntp-service unicast-server 207.46.130.100
ntp-service unicast-server 202.112.10.60
# LAN-side filter (advanced ACL 3101, intended for traffic entering the
# LAN interface -- the interface binding is not shown here).
# NOTE(review): check how this platform orders rules. If rules are
# matched in ascending rule-ID order, the P2P rules 600-670 written at
# the end are evaluated before 2000/3000; if they are matched in the
# order entered, they sit behind the final "deny ip" and never match.
acl number 3101
# ICMP: allow echo / echo-reply / ttl-exceeded (ping and traceroute),
# drop every other ICMP type.
rule 10 permit icmp icmp-type echo
rule 20 permit icmp icmp-type echo-reply
rule 30 permit icmp icmp-type ttl-exceeded
rule 40 deny icmp
# Block destination ports associated with common worms and exposed
# Windows services (RPC 135, NetBIOS, SMB 139/445, RPC-over-HTTP 593,
# MS-SQL 1433/1434) plus further ports used by known malware, so an
# infected LAN host cannot reach them through this router.
rule 110 deny tcp destination-port eq 135
rule 120 deny udp destination-port eq 135
rule 130 deny udp destination-port eq netbios-ns
rule 140 deny udp destination-port eq netbios-dgm
rule 150 deny tcp destination-port eq 139
rule 160 deny udp destination-port eq netbios-ssn
rule 170 deny tcp destination-port eq 445
rule 180 deny udp destination-port eq 445
rule 190 deny udp destination-port eq 593
rule 200 deny tcp destination-port eq 593
rule 210 deny tcp destination-port eq 1433
rule 220 deny tcp destination-port eq 1434
rule 230 deny tcp destination-port eq 4444
rule 240 deny tcp destination-port eq 1025
rule 250 deny tcp destination-port eq 1068
rule 260 deny tcp destination-port eq 707
rule 270 deny tcp destination-port eq 5554
rule 280 deny tcp destination-port eq 9996
# Anti-spoofing on the inside interface: permit only packets sourced from
# the LAN subnet 192.168.1.0/24; everything else is dropped by rule 3000.
rule 2000 permit ip source 192.168.1.0 0.0.0.255
rule 3000 deny ip
# P2P applications (tracker and eDonkey/eMule style ports). Usually not
# required; see the rule-ordering note at the top of this ACL.
rule 600 deny tcp destination-port eq 2710
rule 610 deny tcp destination-port eq 6969
rule 620 deny tcp destination-port range 8881 8999
rule 630 deny tcp destination-port eq 10137
rule 640 deny tcp destination-port eq 16881
rule 650 deny tcp destination-port range 4661 4662
rule 660 deny udp destination-port eq 4665
rule 670 deny udp destination-port eq 4672
# WAN-side filter (advanced ACL 3102, intended for traffic entering the
# WAN interface -- the interface binding is not shown here). The same
# rule-ordering caveat as for ACL 3101 applies to rules 600-670 and
# 2020/2030, which are written after the final "deny ip".
acl number 3102
# ICMP: allow echo / echo-reply / ttl-exceeded, drop the rest.
# NOTE(review): rule 40 also drops destination-unreachable, including
# "fragmentation needed" (type 3, code 4) arriving from the Internet,
# which can break path-MTU discovery for connections started inside;
# permit that type if large transfers stall. Rule 10 leaves the router
# pingable from the Internet -- deliberate here, but worth knowing.
rule 10 permit icmp icmp-type echo
rule 20 permit icmp icmp-type echo-reply
rule 30 permit icmp icmp-type ttl-exceeded
rule 40 deny icmp
# Same worm / Windows-service / MS-SQL port blocks as on the LAN side.
# NOTE(review): on an inbound WAN filter these match the destination port
# of return traffic as well. If an inside host (or, depending on whether
# the filter runs before or after NAT, the NAT translation) uses one of
# these as its source port -- 1025 in particular is a common ephemeral
# port -- the reply is dropped and the connection stalls. Confirm the
# filter/NAT order on this platform.
rule 110 deny tcp destination-port eq 135
rule 120 deny udp destination-port eq 135
rule 130 deny udp destination-port eq netbios-ns
rule 140 deny udp destination-port eq netbios-dgm
rule 150 deny tcp destination-port eq 139
rule 160 deny udp destination-port eq netbios-ssn
rule 170 deny tcp destination-port eq 445
rule 180 deny udp destination-port eq 445
rule 190 deny udp destination-port eq 593
rule 200 deny tcp destination-port eq 593
rule 210 deny tcp destination-port eq 1433
rule 220 deny tcp destination-port eq 1434
rule 230 deny tcp destination-port eq 4444
rule 240 deny tcp destination-port eq 1025
rule 250 deny tcp destination-port eq 1068
rule 260 deny tcp destination-port eq 707
rule 270 deny tcp destination-port eq 5554
rule 280 deny tcp destination-port eq 9996
# Permit packets addressed to the internal subnet and packets to the
# Telnet port, then drop everything else.
# NOTE(review): rule 2010 permits TCP/23 from ANY source to ANY
# destination, so the router's cleartext Telnet login is exposed to the
# whole Internet. Restrict it with a source qualifier to known
# management addresses, or replace Telnet with SSH. Rule 2000 only has
# an effect if this filter runs after NAT destination translation;
# packets from the Internet do not otherwise carry a 192.168.1.x
# destination -- confirm.
rule 2000 permit ip destination 192.168.1.0 0.0.0.255
rule 2010 permit tcp destination-port eq 23
rule 3000 deny ip
# Allow replies from the two NTP servers configured above. These permit
# all IP from those hosts; UDP/123 would be sufficient and tighter.
# Written after rule 3000 -- see the rule-ordering caveat.
rule 2020 permit ip source 202.112.10.60 0
rule 2030 permit ip source 207.46.130.100 0
# P2P applications (tracker and eDonkey/eMule style ports). Usually not
# required; see the rule-ordering caveat.
rule 600 deny tcp destination-port eq 2710
rule 610 deny tcp destination-port eq 6969
rule 620 deny tcp destination-port range 8881 8999
rule 630 deny tcp destination-port eq 10137
rule 640 deny tcp destination-port eq 16881
rule 650 deny tcp destination-port range 4661 4662
rule 660 deny udp destination-port eq 4665
rule 670 deny udp destination-port eq 4672