firewall {1 k0 b+ Q- v1 X1 S
filter saynotovirus( G9 }! o! M; ~& K5 |
{
6 t y$ }5 M: _ term
2 c7 V& e' q9 H7 z. D udp-deny {
5 F5 Y# e( t/ [6 R) @# a" n) N from {, n( [. Z9 k- b" m6 t
protocol udp;
$ x! Z3 q8 E' e: b; C! R- H port [ 135 137 138 139 445 593 1434 1433 4444 ];// 这里是病毒的端口号' J8 D- Y& j v u
}+ q4 ?( Z- [ W. t. I4 W, B
then {
. ~; _- |+ @ q; B# {, |) P count virus-upd-deny;
0 K: G) y# b" }2 H Z discard;6 {& ]9 [& \; _8 |0 O! ]# F
}: s# y1 H# x) q H
}
: [6 D3 o( y+ Z4 T% p& W! z term
8 @7 ~# L; J$ s* M \5 A/ m; Q tcp-deny {) ?; C$ g; c; ^4 u
from {
7 O& z! D/ {$ X" F- w9 a7 g' A" w protocol tcp;
: b; J% h/ P! |7 h/ n port [ 135 138 139 445 593 3333 5800 5900 ];4 z/ r, u3 l) D
}
5 @1 O9 k3 `- L. d& X- r' P. n then {
2 L: _- w8 H; C- C count virus-tcp-deny;4 L/ J, H( x5 @; ?6 B
discard;
$ G$ @1 B) X, l, Y; B- o4 Z! N }/ o- u' E1 ]# e
}6 V4 P+ ]2 P% B6 |3 A4 H
term others: O5 h, q0 w! e" x
{) I/ Z# @& }: f( w
then accept;( ]! F, O( R: Q0 L
}8 K0 M2 U4 Z' u0 u) u
}
G) l% }/ Y- ^ G( e }
, o2 P6 m- A) y C# X; l9 { ge-2/3/0 {8 Z/ S4 L1 l' n
vlan-tagging;; A$ ]2 i" l5 }% r1 Y
unit 10 {# G& ?" U( a( G' Y
description "ge-1/3/0.10,to-c6506-01 ge-3/1";" W( K( K! B( V/ B$ }+ h6 D
vlan-id 10;8 A# B( U1 `. n7 L. K
family inet {
5 M" ~# ?! v0 s& E9 y filter {
% b0 N8 K( _" T k% _: `* [+ x. ] input saynotovirus;$ t0 Y( w+ G+ ~/ Z" h E
output
7 W5 s+ r9 \, t0 K2 R6 t3 @8 x1 G saynotovirus;
, s+ l( `* i W/ X; p/ {) h }. Y4 k' n0 r( d% X
address 161.112.10.105/30;. k: w/ h' G c
}7 ?* G) \+ K2 E5 N
} |
发表于 2012-8-4 12:10:41
