Filtering IP Packets on Router Interfaces with Extended Access Lists
来源:互联网 发布:运维和网络哪个好 编辑:程序博客网 时间:2024/04/30 21:00
Suppose a router is connected to an "internal" Ethernet network and also has a link to the Internet via its serial 0 interface. The internal Ethernet network is the Class B network 131.108.0.0. You want to allow Internet Control Message Protocol (ICMP) messages in from the Internet to the Ethernet network for error-reporting purposes. You also want to allow TCP packets in from the Internet if they are destined to the Simple Mail Transport Protocol (SMTP) port of host 131.108.15.1 or if they are destined to ports greater that 1023 (this setup will allow TCP packets that are in response to connections generated from the internal network). This setup can be accomplished with the following extended access list:
access-list 177 permit tcp 0.0.0.0 255.255.255.255 131.108.0.0 0.0.255.255 gt 1023access-list 177 permit tcp 0.0.0.0 255.255.255.255 131.108.15.1 0.0.0.0 eq 25access-list 177 permit icmp 0.0.0.0 255.255.255.255 131.108.0.0 0.0.255.255 interface s 0ip address 207.200.115.6 255.255.255.252ip access-group 177 in
This access list could also be written as:
access-list 177 permit tcp any 131.108.0.0 0.0.255.255 gt 1023access-list 177 permit tcp any host 131.108.15.1 eq smtpaccess-list 177 permit icmp any 131.108.0.0 0.0.255.255
We could also accomplish the same thing with the following standard named access list:
ip access-list extended filter-inpermit tcp any 131.108.0.0 0.0.255.255 gt 1023permit tcp any host 131.108.15.1 eq smtppermit icmp any 131.108.0.0 0.0.255.255 interface s 0ip address 207.200.115.6 255.255.255.252ip access-group filter-in in
- Filtering IP Packets on Router Interfaces with Extended Access Lists
- extended initializer lists only available with -std=c++11
- Master/Detail Filtering With a DropDownList(Data Access Tutorial 7)
- Classifying packets with filters
- ip traffic export: how to mirror traffic on a router
- Pix with mail server access on DMZ
- SmartHome Gateway solution With rich and various interfaces Supporting flexible access of appliances
- Forefront TMG 2010: Using malware inspection and URL filtering for FTP on access rules
- Router Does Not Forward Multicast Packets
- Filtering Data with PHP
- Collaborative filtering with GraphChi
- Collaborative filtering with GraphChi
- Collaborative filtering with GraphChi
- Collaborative filtering with GraphChi
- Collaborative filtering with GraphChi
- Collaborative filtering with GraphChi
- cmake+gcc解决extended initializer lists only available with -std=c++11 or -std=gnu++11
- Hoj 2278 IP Filtering
- 如何利用Transact-SQL执行事务
- 技术的立足点
- 身体器官工作时间表,要注意作息!!
- 层的显示/隐藏代码
- 正确获取硬盘序列号源码.
- Filtering IP Packets on Router Interfaces with Extended Access Lists
- 商业模式(Business Model)
- 商业模式
- 如果我是一个高校校长
- 从一件小事看规范
- Ajax(.Net)学习起步
- lasdj
- 简介高效struts分页方法
- javascript HTML元素的ID和Name属性的区别