好贷网好贷款

Filtering IP Packets on Router Interfaces with Extended Access Lists

发布时间:2016-12-3 14:45:16 编辑:www.fx114.net 分享查询网我要评论
本篇文章主要介绍了"Filtering IP Packets on Router Interfaces with Extended Access Lists",主要涉及到Filtering IP Packets on Router Interfaces with Extended Access Lists方面的内容,对于Filtering IP Packets on Router Interfaces with Extended Access Lists感兴趣的同学可以参考一下。

Suppose a router is connected to an "internal" Ethernet network and also has a link to the Internet via its serial 0 interface. The internal Ethernet network is the Class B network 131.108.0.0. You want to allow Internet Control Message Protocol (ICMP) messages in from the Internet to the Ethernet network for error-reporting purposes. You also want to allow TCP packets in from the Internet if they are destined to the Simple Mail Transport Protocol (SMTP) port of host 131.108.15.1 or if they are destined to ports greater that 1023 (this setup will allow TCP packets that are in response to connections generated from the internal network). This setup can be accomplished with the following extended access list: access-list 177 permit tcp 0.0.0.0 255.255.255.255 131.108.0.0 0.0.255.255 gt 1023 access-list 177 permit tcp 0.0.0.0 255.255.255.255 131.108.15.1 0.0.0.0 eq 25 access-list 177 permit icmp 0.0.0.0 255.255.255.255 131.108.0.0 0.0.255.255   interface s 0 ip address 207.200.115.6 255.255.255.252 ip access-group 177 in This access list could also be written as: access-list 177 permit tcp any 131.108.0.0 0.0.255.255 gt 1023 access-list 177 permit tcp any host 131.108.15.1 eq smtp access-list 177 permit icmp any 131.108.0.0 0.0.255.255 We could also accomplish the same thing with the following standard named access list: ip access-list extended filter-in permit tcp any 131.108.0.0 0.0.255.255 gt 1023 permit tcp any host 131.108.15.1 eq smtp permit icmp any 131.108.0.0 0.0.255.255   interface s 0 ip address 207.200.115.6 255.255.255.252 ip access-group filter-in in 

上一篇:正确获取硬盘序列号源码.
下一篇:在ASP.NET中自动给URL地址加上超链接

相关文章

相关评论