华为设备防病毒acl配置
现创建acl acl number 100 禁ping ruledeny icmp source any destination any 用于控制Blaster蠕虫的传播 ruledeny udp source any destination any destination-port eq 69 ruledeny tcp source any destination any destination-port eq 4444 用于控制冲击
acl number 100
禁ping
rule deny icmp source any destination any
用于控制Blaster蠕虫的传播
rule deny udp source any destination any destination-port eq 69
rule deny tcp source any destination any destination-port eq 4444
用于控制冲击波病毒的扫描和攻击
rule deny tcp source any destination any destination-port eq 135
rule deny udp source any destination any destination-port eq 135
rule deny udp source any destination any destination-port eq netbios-ns
rule deny udp source any destination any destination-port eq netbios-dgm
rule deny tcp source any destination any destination-port eq 139
rule deny udp source any destination any destination-port eq 139
rule deny tcp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq 445
rule deny udp source any destination any destination-port eq 593
rule deny tcp source any destination any destination-port eq 593
用于控制振荡波的扫描和攻击
rule deny tcp source any destination any destination-port eq 445
rule deny tcp source any destination any destination-port eq 5554
rule deny tcp source any destination any destination-port eq 9995
rule deny tcp source any destination any destination-port eq 9996
用于控制 Worm_MSBlast.A 蠕虫的传播
rule deny udp source any destination any destination-port eq 1434
下面的不出名的病毒端口号 (可以不作)
rule deny tcp source any destination any destination-port eq 1068
rule deny tcp source any destination any destination-port eq 5800
rule deny tcp source any destination any destination-port eq 5900
rule deny tcp source any destination any destination-port eq 10080
rule deny tcp source any destination any destination-port eq 455
rule deny udp source any destination any destination-port eq 455
rule deny tcp source any destination any destination-port eq 3208
rule deny tcp source any destination any destination-port eq 1871
rule deny tcp source any destination any destination-port eq 4510
rule deny udp source any destination any destination-port eq 4334
rule deny tcp source any destination any destination-port eq 4331
rule deny tcp source any destination any destination-port eq 4557
然后下发配置
packet-filter ip-group 100
目的:针对目前网上出现的问题,对目的是端口号为1434的UDP报文进行过滤的配置方法,详细和复杂的配置请看配置手册。
NE80的配置:
NE80(config)#rule-map r1 udp any any eq 1434
//r1为role-map的名字,udp 为关键字,any any 所有源、目的IP,eq为等于,1434为udp端口号
NE80(config)#acl a1 r1 deny
//a1为acl的名字,r1为要绑定的rule-map的名字,
NE80(config-if-Ethernet1/0/0)#access-group acl a1
//在1/0/0接口上绑定acl,acl为关键字,a1为acl的名字
NE16的配置:
NE16-4(config)#firewall enable all
//首先启动防火墙
NE16-4(config)#access-list 101 deny udp any any eq 1434
//deny为禁止的关键字,针对udp报文,any any 为所有源、目的IP,eq为等于, 1434为udp端口号
NE16-4(config-if-Ethernet2/2/0)#ip access-group 101 in
//在接口上启用access-list,in表示进来的报文,也可以用out表示出去的报文
中低端路由器的配置
[Router]firewall enable
[Router]acl 101
[Router-acl-101]rule deny udp source any destion any destination-port eq 1434
[Router-Ethernet0]firewall packet-filter 101 inbound
6506产品的配置:
旧命令行配置如下:
6506(config)#acl extended aaa deny protocol udp any any eq 1434
6506(config-if-Ethernet5/0/1)#access-group aaa
国际化新命令行配置如下:
[Quidway]acl number 100
[Quidway-acl-adv-100]rule deny udp source any destination any destination-port eq 1434
[Quidway-acl-adv-100]quit
[Quidway]interface ethernet 5/0/1
[Quidway-Ethernet5/0/1]packet-filter inbound ip-group 100 not-care-for-interface
5516产品的配置:
旧命令行配置如下:
5516(config)#rule-map l3 aaa protocol-type udp ingress any egress any eq 1434
5516(config)#flow-action fff deny
5516(config)#acl bbb aaa fff
5516(config)#access-group bbb
国际化新命令行配置如下:
[Quidway]acl num 100
[Quidway-acl-adv-100]rule deny udp source any destination any destination-port eq 1434
[Quidway]packet-filter ip-group 100
3526产品的配置:
旧命令行配置如下:
rule-map l3 r1 0.0.0.0 0.0.0.0 1.1.0.0 255.255.0.0 eq 1434
flow-action f1 deny
acl acl1 r1 f1
access-group acl1
国际化新命令配置如下:
acl number 100
rule 0 deny udp source 0.0.0.0 0 source-port eq 1434 destination 1.1.0.0 0
packet-filter ip-group 101 rule 0
注:3526产品只能配置外网对内网的过滤规则,其中1.1.0.0 255.255.0.0是内网的地址段。
8016产品的配置:
旧命令行配置如下:
8016(config)#rule-map intervlan aaa udp any any eq 1434
8016(config)#acl bbb aaa deny
8016(config)#access-group acl bbb vlan 10 port all
国际化新命令行配置如下:
8016(config)#rule-map intervlan aaa udp any any eq 1434
8016(config)#eacl bbb aaa deny
8016(config)#access-group eacl bbb vlan 10 port all
Hot AI Tools
Undresser.AI Undress
AI-powered app for creating realistic nude photos
AI Clothes Remover
Online AI tool for removing clothes from photos.
Undress AI Tool
Undress images for free
Clothoff.io
AI clothes remover
Video Face Swap
Swap faces in any video effortlessly with our completely free AI face swap tool!
Hot Article
Hot Tools
Notepad++7.3.1
Easy-to-use and free code editor
SublimeText3 Chinese version
Chinese version, very easy to use
Zend Studio 13.0.1
Powerful PHP integrated development environment
Dreamweaver CS6
Visual web development tools
SublimeText3 Mac version
God-level code editing software (SublimeText3)
Hot Topics
1393
52
37
110
Yu Chengdong revealed that Huawei's tri-fold screen mobile phone will be unveiled in September: the price is not expected to be cheap
Aug 20, 2024 am 06:36 AM
On August 19, Hongmeng held a delivery ceremony for the first batch of Xiangjie S9 owners in Shanghai. Huawei executive Yu Chengdong personally attended and delivered the vehicles to the owners. At the scene, a car owner who already owned Wenjie M5, M7, and M9 asked Yu Chengdong when he could buy Huawei's three-fold screen mobile phone. Yu Chengdong responded that it would be available next month. Fenyefenye Previously, real shots of what appeared to be Huawei's three-fold screen phone had leaked on the Internet, causing widespread concern. In the picture, the new phone held by Yu Chengdong shows extraordinary visual impact. Its screen size is far larger than that of conventional folding screen mobile phones. It has a unique design and is not a tablet but is better than a tablet. There is a central hole-punch camera inlaid on the top of the left side, as well as a vaguely visible double-fold design. The side of the phone is suspected to be equipped with a stylus. These clues all point to this
The best time to buy Huawei Mate 60 series, new AI elimination + image upgrade, and enjoy autumn promotions
Aug 29, 2024 pm 03:33 PM
Since the Huawei Mate60 series went on sale last year, I personally have been using the Mate60Pro as my main phone. In nearly a year, Huawei Mate60Pro has undergone multiple OTA upgrades, and the overall experience has been significantly improved, giving people a feeling of being constantly new. For example, recently, the Huawei Mate60 series has once again received a major upgrade in imaging capabilities. The first is the new AI elimination function, which can intelligently eliminate passers-by and debris and automatically fill in the blank areas; secondly, the color accuracy and telephoto clarity of the main camera have been significantly upgraded. Considering that it is the back-to-school season, Huawei Mate60 series has also launched an autumn promotion: you can enjoy a discount of up to 800 yuan when purchasing the phone, and the starting price is as low as 4,999 yuan. Commonly used and often new products with great value
Huawei will launch the Xuanji sensing system in the field of smart wearables, which can assess the user's emotional state based on heart rate
Aug 29, 2024 pm 03:30 PM
Recently, Huawei announced that it will launch a new smart wearable product equipped with Xuanji sensing system in September, which is expected to be Huawei's latest smart watch. This new product will integrate advanced emotional health monitoring functions. The Xuanji Perception System provides users with a comprehensive health assessment with its six characteristics - accuracy, comprehensiveness, speed, flexibility, openness and scalability. The system uses a super-sensing module and optimizes the multi-channel optical path architecture technology, which greatly improves the monitoring accuracy of basic indicators such as heart rate, blood oxygen and respiration rate. In addition, the Xuanji Sensing System has also expanded the research on emotional states based on heart rate data. It is not limited to physiological indicators, but can also evaluate the user's emotional state and stress level. It supports the monitoring of more than 60 sports health indicators, covering cardiovascular, respiratory, neurological, endocrine,
Apple and Huawei both wanted to make a buttonless phone, but Xiaomi made it first?
Aug 29, 2024 pm 03:33 PM
According to a report from Smartprix, Xiaomi is developing a buttonless mobile phone codenamed "Suzaku". According to this news, this mobile phone codenamed Zhuque will be designed with an integrated concept, use an under-screen camera, and be equipped with Qualcomm Snapdragon 8gen4 processor. If the plan does not change, we are likely to see its arrival in 2025. When I saw this news, I thought I was back in 2019 - at that time, Xiaomi released the Mi MIX Alpha concept phone, and the surround-screen button-less design was quite amazing. This is the first time I have seen the charm of a buttonless mobile phone. If you want a piece of "magic glass", you must first kill the buttons. In "The Biography of Steve Jobs", Jobs once expressed that he hoped that the mobile phone could be like a piece of "magic glass".
Samsung will provide displays for Microsoft's MR headsets, and the devices are expected to be lighter and have clearer displays
Aug 10, 2024 pm 09:45 PM
Recently, Samsung Display and Microsoft signed an important cooperation agreement. According to the agreement, Samsung Display will develop and supply hundreds of thousands of OLEDoS panels for mixed reality (MR) head-mounted devices to Microsoft. Microsoft is developing an MR device for multimedia content such as games and movies. This device is expected to It will be launched after the OLEDoS specifications are finalized, mainly serving the commercial field, and is expected to be delivered as early as 2026. OLEDoS (OLED on Silicon) technology OLEDoS is a new display technology that deposits OLED on a silicon substrate. Compared with traditional glass substrates, it is thinner and has higher pixels. OLEDoS display and ordinary display
The price of Mate 60 is reduced by 800 yuan, and the price of Pura 70 is reduced by 1,000 yuan: Just wait until Huawei releases Mate 70!
Aug 16, 2024 pm 03:45 PM
According to news on August 16, for current Huawei mobile phones, they are already working hard to clear the way for the launch of new models, so everyone has seen the prices of the Mate60 series and Pura70 series being reduced one after another. With Huawei officially announcing price cuts for the Mate60 series on August 15, the latest models of Huawei’s two flagship series have completed price adjustments. In July this year, Huawei officially announced that the Huawei Pura70 series would be on sale, with prices reduced by up to 1,000 yuan. Among them, Huawei Pura70 has a direct discount of 500 yuan, with a starting price of 4999 yuan; Huawei Pura70 Beidou Satellite News Edition has a direct discount of 500 yuan, with a starting price of 5099 yuan; Huawei Pura70Pro has a direct discount of 800 yuan, with a starting price of 5699 yuan; Huawei Pura70Pr
2024Q2 Global Mobile Programmatic Advertising Report: Apple iPhone leads the way with 51% voice share, followed by Samsung, Huawei and Xiaomi
Aug 22, 2024 pm 02:05 PM
According to news from this website on August 22, market research agency Pixalate released a report yesterday (August 21), stating that in the global mobile programmatic advertising market, Apple ranked first with a share of voice (SOV) of 51%. Explanation of related terms: This site briefly introduces the proper terms: Programmatic Advertising: Programmatic advertising refers to the use of advertising technology to purchase and sell digital advertising. Programmatic advertising can show your audience relevant ads through automated steps in less than a second. Share of Voice (SOV): Percentage of open programmatic ad sales related to specific device types in each region, as measured by Pixalate
Huawei offers discounts on Mate X5 and other models, with prices reduced by up to thousands of yuan
Aug 29, 2024 pm 03:32 PM
On August 29, Huawei Terminal officially announced that the Huawei Pioneer Thanksgiving Feedback Season has begun! Buy Huawei MateX5, Huawei Pocket2, Huawei novaFlip, Huawei Pura70 series, and Huawei Mate60 series immediately to enjoy purchasing privileges. However, Huawei officials did not elaborate on the specific rights and interests of the "purchase privileges". 1. Huawei Mate , limited to 10 o'clock/16 o'clock/20 o'clock, order placed every hour
