使用Juniper路由器防病毒的技术
firewall {filter saynotovirus
{
term
udp-deny {
from {
protocol udp;
port [ 135 137 138 139 445 593 1434 1433 4444 ];// 这里是病毒的端口号
}
then {
count virus-upd-deny;
discard;
}
}
term
tcp-deny {
from {
protocol tcp;
port [ 135 138 139 445 593 3333 5800 5900 ];
}
then {
count virus-tcp-deny;
discard;
}
}
term others
{
then accept;
}
}
}
ge-2/3/0 {
vlan-tagging;
unit 10 {
description "ge-1/3/0.10,to-c6506-01 ge-3/1";
vlan-id 10;
family inet {
filter {
input saynotovirus;
output
saynotovirus;
}
address 161.112.10.105/30;
}
}
页:
[1]