H3C AR18-63同一运营商双线路接入基于用户的负载分担典型配置
作者:未知, 来源:网络, 阅读:123, 发布时间:2014-06-29
<H3C>disp cu
#
# Global settings from the router's running configuration (output of "disp cu").
# Bare "#" lines are the section separators printed by the device; lines that
# start with "# " followed by text are review annotations.
sysname H3C
#
# NOTE(review): this switches the information center (the logging subsystem) off.
# Events raised by the packet filter and the "firewall defend" features further
# down would then presumably not reach the log buffer or a log host. Confirm,
# and re-enable logging if an audit trail is required.
undo info-center enable
#
# Turns packet filtering on globally. The "firewall packet-filter <acl> inbound"
# bindings on the GigabitEthernet interfaces depend on it.
firewall packet-filter enable
#
# Per-protocol NAT session aging timers (values presumably in seconds - confirm).
# Half-open (tcp-syn) and closing (tcp-fin) sessions and DNS entries are aged
# quickly (10); established TCP, PPTP and FTP control sessions get 300.
nat aging-time tcp 300
nat aging-time pptp 300
nat aging-time dns 10
nat aging-time ftp-ctrl 300
nat aging-time tcp-fin 10
nat aging-time tcp-syn 10
#
# The router itself does not send ICMP redirect or ICMP unreachable messages.
undo icmp redirect send
undo icmp unreach send
#
# User-based load sharing (the subject of the page title) is enabled and applied
# to the default route 0.0.0.0/0, which has two static next hops later in the
# configuration.
ip user-based-sharing enable
ip user-based-sharing route 0.0.0.0 0.0.0.0
#
# Master switch for attack defence; the individual "firewall defend <type>" lines
# appear near the end of the configuration.
firewall defend enable
#
# NOTE(review): presumably the traffic-statistics sampling interval - confirm
# the unit against the device documentation.
flow-interval 5
#
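# CAR lists 1-4: per-address match lists for hosts .1-.240 of 192.168.0.x and
# 192.168.1.x, by source (lists 1 and 3) and by destination (lists 2 and 4).
# They are referenced by the "qos car inbound/outbound carl N" statements on
# GigabitEthernet1/0.
# NOTE(review): hosts .241-.254 in either range match no list, so those CAR
# statements do not rate-limit them - presumably intentional, confirm.
# The last command was wrapped across two lines in the original listing
# ("per-addres" / "s"); it is rejoined here so that it reads as one valid command.
qos carl 1 source-ip-address range 192.168.0.1 to 192.168.0.240 per-address
qos carl 2 destination-ip-address range 192.168.0.1 to 192.168.0.240 per-address
qos carl 3 source-ip-address range 192.168.1.1 to 192.168.1.240 per-address
qos carl 4 destination-ip-address range 192.168.1.1 to 192.168.1.240 per-address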
#
# Name resolution, AAA defaults and the only local account shown in this listing.
# Two DNS servers are configured for the router.
dns server 202.96.128.86
dns server 202.96.128.166
#
# "system" RADIUS scheme and ISP domain with no sub-commands shown. Logins that
# use "authentication-mode scheme" therefore presumably fall back to the
# local-user database below - confirm on the device.
radius scheme system
#
domain system
#
# Administrative account.
local-user admin
# NOTE(review): "password simple" keeps the password in clear text in the
# configuration, and this listing has published it. Treat the value as
# compromised: never reuse it, and on a real device set a unique strong
# password with the "cipher" form so that it is not readable in "disp cu" output.
password simple adminsjwl
# NOTE(review): the account is enabled for Telnet only, so the credential
# crosses the network unencrypted. Prefer "service-type ssh" where the software
# image supports SSH.
service-type telnet
# Level 3 is the highest command level, i.e. full management rights.
level 3
#
# Basic ACL 2000: matches source addresses 192.168.0.0-192.168.1.255
# (wildcard 0.0.1.255). It is referenced by "nat outbound 2000" on
# GigabitEthernet2/0 and GigabitEthernet3/0, so it selects which inside
# addresses are translated.
acl number 2000
rule 0 permit source 192.168.0.0 0.0.1.255
#
# Advanced ACL 3101: bound inbound on GigabitEthernet1/0, i.e. it filters
# traffic arriving from the 192.168.0.0/23 side of the router.
# Rules are presumably evaluated in ascending rule-ID order (no match-order is
# shown) - confirm.
acl number 3101
# ICMP: allow echo, echo-reply and ttl-exceeded, then drop every other ICMP type.
rule 10 permit icmp icmp-type echo
rule 20 permit icmp icmp-type echo-reply
rule 30 permit icmp icmp-type ttl-exceeded
rule 40 deny icmp
# Port block list: Windows RPC (135, 593), NetBIOS (137-139), SMB (445),
# MS-SQL (1433/1434), plus ports that were commonly blocked as worm
# propagation or back-channel ports (presumably the intent of 4444, 5554, 9996
# and the remaining entries).
rule 110 deny tcp destination-port eq 135
rule 120 deny udp destination-port eq 135
rule 130 deny udp destination-port eq netbios-ns
rule 140 deny udp destination-port eq netbios-dgm
rule 150 deny tcp destination-port eq 139
# NOTE(review): netbios-ssn (139) is a TCP service and is already covered by
# rule 150; this UDP rule is harmless but probably redundant.
rule 160 deny udp destination-port eq netbios-ssn
rule 170 deny tcp destination-port eq 445
rule 180 deny udp destination-port eq 445
rule 190 deny udp destination-port eq 593
rule 200 deny tcp destination-port eq 593
rule 210 deny tcp destination-port eq 1433
# NOTE(review): the MS-SQL resolution service listens on UDP 1434, and this
# rule matches TCP only. Confirm whether a UDP 1434 rule was intended.
rule 220 deny tcp destination-port eq 1434
rule 230 deny tcp destination-port eq 4444
rule 240 deny tcp destination-port eq 1025
rule 250 deny tcp destination-port eq 1068
rule 260 deny tcp destination-port eq 707
rule 270 deny tcp destination-port eq 5554
rule 280 deny tcp destination-port eq 9996
# Only packets sourced from the 192.168.0.0/23 range may pass. Everything
# else, including packets with a spoofed source address, hits the explicit
# final deny.
rule 2000 permit ip source 192.168.0.0 0.0.1.255
rule 3000 deny ip
# Advanced ACL 3102: bound inbound on GigabitEthernet2/0, one of the two
# interfaces in the untrust zone, so it filters traffic arriving from the
# provider side.
acl number 3102
# ICMP: allow echo, echo-reply and ttl-exceeded, then drop every other ICMP type.
rule 10 permit icmp icmp-type echo
rule 20 permit icmp icmp-type echo-reply
rule 30 permit icmp icmp-type ttl-exceeded
rule 40 deny icmp
# Port block list: Windows RPC, NetBIOS, SMB, MS-SQL and a set of ports that
# were presumably chosen as worm-related at the time.
rule 110 deny tcp destination-port eq 135
rule 120 deny udp destination-port eq 135
rule 130 deny udp destination-port eq netbios-ns
rule 140 deny udp destination-port eq netbios-dgm
rule 150 deny tcp destination-port eq 139
rule 160 deny udp destination-port eq netbios-ssn
rule 170 deny tcp destination-port eq 445
rule 180 deny udp destination-port eq 445
rule 190 deny udp destination-port eq 593
rule 200 deny tcp destination-port eq 593
rule 210 deny tcp destination-port eq 1433
# NOTE(review): the MS-SQL resolution service uses UDP 1434, and this rule is
# TCP only.
rule 220 deny tcp destination-port eq 1434
rule 230 deny tcp destination-port eq 4444
rule 240 deny tcp destination-port eq 1025
rule 250 deny tcp destination-port eq 1068
rule 260 deny tcp destination-port eq 707
rule 270 deny tcp destination-port eq 5554
rule 280 deny tcp destination-port eq 9996
# NOTE(review): this permits packets whose destination is the private inside
# range. It only matches return traffic if the filter sees the address after
# NAT has restored it - confirm the processing order on this platform.
rule 2000 permit ip destination 192.168.0.0 0.0.1.255
# NOTE(review): this permits Telnet from ANY source arriving on the WAN side.
# Together with the Telnet-only VTY lines and the clear-text local account it
# exposes router management to the Internet. Restrict the rule with a
# "source" clause to known management addresses, or remove it and manage the
# router from the inside network only.
rule 2010 permit tcp destination-port eq telnet
# Explicit final deny for everything not permitted above.
rule 3000 deny ip
# Advanced ACL 3103: bound inbound on GigabitEthernet3/0, the second interface
# in the untrust zone. Its rule set is the same as ACL 3102's, line for line.
acl number 3103
# ICMP: allow echo, echo-reply and ttl-exceeded, then drop every other ICMP type.
rule 10 permit icmp icmp-type echo
rule 20 permit icmp icmp-type echo-reply
rule 30 permit icmp icmp-type ttl-exceeded
rule 40 deny icmp
# Port block list: Windows RPC, NetBIOS, SMB, MS-SQL and a set of ports that
# were presumably chosen as worm-related at the time.
rule 110 deny tcp destination-port eq 135
rule 120 deny udp destination-port eq 135
rule 130 deny udp destination-port eq netbios-ns
rule 140 deny udp destination-port eq netbios-dgm
rule 150 deny tcp destination-port eq 139
rule 160 deny udp destination-port eq netbios-ssn
rule 170 deny tcp destination-port eq 445
rule 180 deny udp destination-port eq 445
rule 190 deny udp destination-port eq 593
rule 200 deny tcp destination-port eq 593
rule 210 deny tcp destination-port eq 1433
# NOTE(review): the MS-SQL resolution service uses UDP 1434, and this rule is
# TCP only.
rule 220 deny tcp destination-port eq 1434
rule 230 deny tcp destination-port eq 4444
rule 240 deny tcp destination-port eq 1025
rule 250 deny tcp destination-port eq 1068
rule 260 deny tcp destination-port eq 707
rule 270 deny tcp destination-port eq 5554
rule 280 deny tcp destination-port eq 9996
# NOTE(review): this matches the private inside range as destination. Whether
# return traffic matches depends on whether the filter runs after NAT has
# restored the inside address - confirm on the device.
rule 2000 permit ip destination 192.168.0.0 0.0.1.255
# NOTE(review): Telnet is permitted from any source on this WAN link as well.
# Limit it with a "source" clause to management addresses or remove the rule.
# Telnet sends the login in clear text.
rule 2010 permit tcp destination-port eq telnet
# Explicit final deny for everything not permitted above.
rule 3000 deny ip
#
# Auxiliary port, as shown in the listing.
interface Aux0
async mode flow
#
# Inside (trust-zone) interface and gateway for 192.168.0.0/23.
interface GigabitEthernet1/0
# The mask 255.255.254.0 covers 192.168.0.0-192.168.1.255, which matches the
# 0.0.1.255 wildcard used in the ACLs.
ip address 192.168.1.254 255.255.254.0
# NOTE(review): presumably makes the router announce its own address with
# gratuitous ARP, as a counter to gateway ARP spoofing on the LAN - confirm
# the meaning of the argument.
arp send-gratuitous-arp 1
# Filter traffic entering from the LAN with ACL 3101.
firewall packet-filter 3101 inbound
# Per-host rate limits. CAR lists 1 and 3 match by source address (upload
# direction), lists 2 and 4 by destination address (download direction).
# Conforming ("green") packets pass and excess ("red") packets are dropped.
# NOTE(review): the unit of cir/cbs depends on the software version - confirm
# before reusing the numbers.
qos car inbound carl 1 cir 800000 cbs 800000 ebs 0 green pass red discard
qos car inbound carl 3 cir 800000 cbs 800000 ebs 0 green pass red discard
qos car outbound carl 2 cir 800000 cbs 800000 ebs 0 green pass red discard
qos car outbound carl 4 cir 800000 cbs 800000 ebs 0 green pass red discard
#
# The two provider-facing (untrust-zone) uplinks.
interface GigabitEthernet2/0
# NOTE(review): presumably the link bandwidth that user-based load sharing
# uses as a weight (10240 here against 2048 on GigabitEthernet3/0) - confirm
# the unit.
loadbandwidth 10240
ip address 125.93.77.202 255.255.255.248
arp send-gratuitous-arp 1
# Inbound filter for this uplink. ACL 3102 contains a Telnet permit with no
# source restriction, so review that rule before reusing this configuration.
firewall packet-filter 3102 inbound
# Source NAT for the inside addresses matched by ACL 2000. No address group is
# named, so the interface's own address is presumably used.
nat outbound 2000
#
interface GigabitEthernet3/0
loadbandwidth 2048
ip address 125.93.66.210 255.255.255.252
# Inbound filter for this uplink. ACL 3103 carries the same rules as ACL 3102,
# including the unrestricted Telnet permit.
firewall packet-filter 3103 inbound
nat outbound 2000
#
# NOTE(review): GigabitEthernet4/0 has no address and no packet filter in this
# listing, yet it is a member of the trust zone. If the port is unused,
# consider "shutdown" on it so that a device plugged in there is not treated
# as trusted.
interface GigabitEthernet4/0
#
# Discard interface. It is the target of the NULL 0 static routes.
interface NULL0
#
# Security zones. A higher priority number means a more trusted zone.
# local (100) is the router itself.
firewall zone local
set priority 100
#
# trust (85): the inside interface GigabitEthernet1/0, plus the otherwise
# unconfigured GigabitEthernet4/0.
firewall zone trust
add interface GigabitEthernet1/0
add interface GigabitEthernet4/0
set priority 85
#
# untrust (5): both provider uplinks.
firewall zone untrust
add interface GigabitEthernet2/0
add interface GigabitEthernet3/0
set priority 5
#
# DMZ (50): defined, but no interface is assigned in this listing.
firewall zone DMZ
set priority 50
#
# The DHCP service on the router is disabled.
undo dhcp enable
#
# Two default routes with equal preference, one via each provider gateway.
# These are the equal-cost paths that "ip user-based-sharing route 0.0.0.0
# 0.0.0.0" distributes users across.
ip route-static 0.0.0.0 0.0.0.0 125.93.77.201 preference 60
ip route-static 0.0.0.0 0.0.0.0 125.93.66.209 preference 60
# Black-hole routes for private and link-local ranges. Packets addressed to
# these ranges that have no more specific route are dropped locally instead of
# following a default route to a provider. The directly connected
# 192.168.0.0/23 on GigabitEthernet1/0 is more specific than 192.168.0.0/16,
# so the LAN itself stays reachable.
ip route-static 10.0.0.0 255.0.0.0 NULL 0 preference 60
ip route-static 169.254.0.0 255.255.0.0 NULL 0 preference 60
ip route-static 172.16.0.0 255.240.0.0 NULL 0 preference 60
ip route-static 192.168.0.0 255.255.0.0 NULL 0 preference 60
#
# Attack-defence features, one line per attack type. These cover malformed or
# abusive packets (land, smurf, fraggle, winnuke, ping-of-death, teardrop,
# tcp-flag, ip-fragment, large-icmp), ICMP and IP-option abuse (icmp-redirect,
# icmp-unreachable, source-route, route-record, tracert), scanning (ip-sweep,
# port-scan) and ARP abuse (arp-spoofing, arp-reverse-query, arp-flood).
# NOTE(review): no thresholds are shown, so defaults presumably apply. With
# "undo info-center enable" at the top of this configuration, detections may
# not be logged anywhere - confirm.
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
# Flood defences are switched on globally here and then applied to the trust
# and untrust zones below, i.e. both to the LAN hosts and to the provider side.
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
firewall defend syn-flood zone trust
firewall defend udp-flood zone trust
firewall defend icmp-flood zone trust
firewall defend syn-flood zone untrust
firewall defend udp-flood zone untrust
firewall defend icmp-flood zone untrust
#
# Management lines.
# NOTE(review): no authentication-mode is shown for the console and AUX lines,
# so the platform defaults apply. Confirm that the defaults require a login.
user-interface con 0
user-interface aux 0
# Five virtual terminal lines for remote logins.
user-interface vty 0 4
# Logins are checked through AAA. With only the default scheme and domain
# shown, that presumably means the local-user database.
authentication-mode scheme
# NOTE(review): the timeout is 100 minutes 0 seconds. An abandoned level-3
# session stays usable for a long time, so a few minutes is the usual choice.
idle-timeout 100 0
# NOTE(review): only Telnet is accepted, and it carries the login unencrypted.
# Prefer "protocol inbound ssh" where the image supports it. No
# "acl <number> inbound" is applied to these lines either, so any source that
# the interface packet filters let through can reach the login prompt.
protocol inbound telnet
#
return