firewall {
' Z$ ^3 s- J6 s; C filter saynotovirus% L; B2 c- ]) n2 Q
{
! J/ A1 x& i' |. ?! D- ?0 O9 Y term2 { \( d1 E# z4 V0 } O
udp-deny {' k6 G2 H% H- N9 G7 d
from {
3 ~1 T/ Z% O* H% \; H protocol udp;
8 M0 X' g0 G+ K; w3 q! I port [ 135 137 138 139 445 593 1434 1433 4444 ];// 这里是病毒的端口号" Y u* `8 T7 I9 t4 M
}
" v" k' U9 j: n6 z then {
# r4 V8 v; k# J6 m; [# T) X/ m count virus-upd-deny;8 a, @+ L8 \+ G9 ^
discard;
5 A: e7 q- ^4 W8 g% K- ` }1 H* H }+ F% K) N
}
5 v9 c5 {& A! G2 f term- b( ^4 U3 Q$ u% t9 @2 r
tcp-deny {
3 n' _4 v+ }7 ~5 E! \( N3 s, K from {
5 j5 s; F4 U5 ]( q protocol tcp;
+ X. S/ B* s* z$ v% E port [ 135 138 139 445 593 3333 5800 5900 ];
% X0 p p7 P! H' h$ J1 { }& Y+ A v' I8 f7 c
then {& s# Q: ^0 S9 d& B. _
count virus-tcp-deny;
; j& g n. _4 G% c# F discard;
" z5 `) V7 C+ N) ^ }7 O, j1 U" v' f& C2 @' X: I V
}5 F- Z& r d+ h4 X7 a& W
term others
1 |- P4 g- I, u: R {1 f3 S/ s p# m% n
then accept;. b! b. Y3 F2 B E2 F; i
}$ I' F; E) M% k/ D
}
* r3 I: a+ a9 z }
- m5 T$ Y/ r: n) I ge-2/3/0 {
; \7 t x+ R& O9 W0 B vlan-tagging;
* W/ Z" R. Q* R& e+ p! `8 n unit 10 {
. {" I p6 `. `5 {$ V1 ] description "ge-1/3/0.10,to-c6506-01 ge-3/1";8 s6 v+ g5 }( e3 ]% W
vlan-id 10;1 a: k8 o. n6 `2 A1 [+ }4 P. `
family inet {
" k) m+ \" U6 P filter {
5 g+ c) f6 `1 z( Y k% z" Z input saynotovirus;1 P# Z0 q1 f3 m# l! D' Y/ g
output
! J/ X/ r7 ?; ^8 K4 S4 i( n saynotovirus;. c0 }+ w$ x- ]$ q3 a& i' m- M
}- y5 y8 a s+ j x; C) Y: a* ~( \4 r
address 161.112.10.105/30;+ h ~# v% r! F% ~& i" w: B
}
0 Z2 j" ^+ b! P# @- x( o D I } |
发表于 2012-8-4 12:10:41
