firewall {
: n% S/ ]- ?8 `0 v# W$ L filter saynotovirus: q1 c) P# c% ~( \/ u0 o
{
; s& S/ N; N$ H7 b& @6 q term3 _9 y( `( i$ P, p% U& m I
udp-deny {, {/ i7 D4 {& W, G$ n' s9 L" Q, |
from {/ x' R2 K/ ^+ b$ Y
protocol udp;1 M% O6 O+ z! P
port [ 135 137 138 139 445 593 1434 1433 4444 ];// 这里是病毒的端口号
) J0 k% }6 N1 b9 n8 K. ]4 g& } }2 Z. g5 c6 E0 ~4 X& C+ X
then {3 t: v# y, p6 M2 T( O4 p$ x
count virus-upd-deny;) r$ E' _$ z( N c+ D
discard;0 `+ U8 e1 r7 e5 \6 @, `. F. s4 s
}! x# G8 g; ]% }4 V& f. W
}! O% {! Y5 U) a) w
term
/ z3 ]. @" }) i tcp-deny {/ u4 M8 c( {8 U% O- A. @
from {; A# w- Z% a) I+ I+ t* F: j: Y
protocol tcp;' n# T0 V" O7 Q
port [ 135 138 139 445 593 3333 5800 5900 ];: M3 Z( \. R- ^5 r& p- q- i* [( d$ n
}$ x% ^9 T, H$ U
then {
9 K2 [1 p, C7 o3 C ] count virus-tcp-deny;' Q. |- |* n' r" t# L' {
discard;' i8 i( n* g7 _: f& G
}
m" s- U3 B" E1 W; @; A Q; R' [ }9 l, M% e" W) i1 y6 A; G; ]: V
term others
( R) \" J- M* ~ W8 g* I {
- i9 S+ I8 j1 s then accept;
" q) G% Y- K# R* s, d }
, H0 L5 j" y$ _/ B5 I0 ^# ^( N9 O3 n }
+ ^* i0 j7 S% F! ^. N$ a0 j" [+ ` }/ o3 o- i6 D4 T' ^- Z
ge-2/3/0 {7 R! r& d1 ~2 W) O# B
vlan-tagging;
) h+ s' Y+ g/ y, M& n0 J, L( f0 R unit 10 {* n; k( J0 X" H
description "ge-1/3/0.10,to-c6506-01 ge-3/1";
5 h" X6 g. I1 B$ o5 Q- R0 v! C" s vlan-id 10;% n9 n) v" m& t5 T" y# m3 Y
family inet {
0 K9 a" t' T9 W0 B2 \4 n6 n4 a filter {- n" K' ^2 f6 i" b4 x7 r M
input saynotovirus;
$ L. b9 b1 O h output) ^% [& [- ?8 x
saynotovirus;
( Z5 o. I [% O }
9 V+ E: {$ Y3 M+ B) l# [& r, } address 161.112.10.105/30;9 X: f6 Z# U* M, U1 s
}
5 H8 a; C& S) Z+ V: } } |
发表于 2012-8-4 12:10:41
