Huawei Firewall Configuration and Usage Manual (self-written)

Moving policy priority: done in the interzone or intrazone view.

The policy move policy-id1 { before | after } policy-id2 command moves a policy's priority. For example, in policy move 2 before 4, before means the priority of policy-id1 is adjusted to come before policy-id2, and after means the priority of policy-id1 is adjusted to come after policy-id2.

firewall statistic system enable  // Enable packet statistics. By default, the system-level traffic statistics and monitoring function is enabled.

Web management port configuration

web-manager enable
web-manager enable port 8099
web-manager security enable  // Enable HTTPS management
web-manager security enable port 8443
undo web-manager config-guide enable
telnet server enable  // Enable Telnet configuration access

Configuration under the firewall's "Security Protection" section.

firewall defend action alert
firewall defend udp-short-header enable
firewall defend port-scan enable
firewall defend ip-sweep enable
firewall defend teardrop enable
firewall defend ip-fragment enable
firewall defend tcp-flag enable
firewall defend winnuke enable
firewall defend fraggle enable
firewall defend ping-of-death enable
firewall defend udp-flood enable
firewall defend smurf enable
firewall defend land enable
firewall defend arp-flood enable
firewall defend arp-spoofing enable
firewall defend udp-flood base-session max-rate 20000
firewall defend icmp-flood base-session max-rate 255
firewall source-ip detect interface GigabitEthernet0/0/5
firewall source-ip detect interface GigabitEthernet0/0/6
firewall defend icmp-flood interface GigabitEthernet0/0/5 max-rate 200000
firewall defend icmp-flood interface GigabitEthernet0/0/6 max-rate 200000
firewall defend arp-flood interface GigabitEthernet0/0/1 max-rate 50000

My own script:

ip service-set Tomcat type object
 service 0 protocol tcp destination-port 8181
ip service-set Tomcat2 type object
 service 0 protocol tcp destination-port 8181
 service 1 protocol tcp destination-port 8282
ip service-set Tomcat3 type object
 service 0 protocol tcp destination-port 8181
 service 1 protocol tcp destination-port 8585
 service 2 protocol tcp destination-port 8787

policy interzone untrust trust inbound
 policy 0
  action permit
  policy service service-set icmp
  policy service service-set Tomcat
  policy source 192.168.200.0 mask 255.255.255.0
  policy destination 172.16.4.66 0
  policy destination 172.16.4.67 0
  policy destination 172.16.4.123 0
 policy 1
  action permit
  policy service service-set ftp
  policy service service-set icmp
  policy source 192.168.200.0 mask 255.255.255.0
  policy destination 172.16.4.71 0
 policy 2
  action permit
  policy service service-set icmp
  policy service service-set Tomcat2
  policy source 192.168.200.0 mask 255.255.255.0
  policy destination 172.16.4.72 0
 policy 3
  action permit
  policy service service-set icmp
  policy service service-set Tomcat3
  policy source 192.168.200.0 mask 255.255.255.0
  policy destination 172.16.4.119 0

firewall defend arp-flood enable  // Enable the ARP flood defense function
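
An added example (not part of the original manual) that models why policy move matters for the interzone policies above: it parses an excerpt of the script and finds the first policy a packet hits, before and after a move. It assumes policies are evaluated in configured order with the first match deciding, that unmatched traffic is denied, and that icmp is a predefined service-set; policy 9 and the names parse, policy_move and first_match are constructed for illustration.

```python
import ipaddress
# Policy 0 and the Tomcat set come from the page; policy 9 is a constructed deny rule.
CONFIG = """\
ip service-set Tomcat type object
 service 0 protocol tcp destination-port 8181
policy interzone untrust trust inbound
 policy 0
  action permit
  policy service service-set icmp
  policy service service-set Tomcat
  policy source 192.168.200.0 mask 255.255.255.0
  policy destination 172.16.4.66 0
 policy 9
  action deny
  policy service service-set Tomcat
  policy source 192.168.200.128 mask 255.255.255.128
  policy destination 172.16.4.66 0
"""

def parse(text):
    sets, rules, cur = {"icmp": {("icmp", None)}}, {}, None  # icmp: assumed predefined set
    for w in filter(None, map(str.split, text.splitlines())):
        if w[:2] == ["ip", "service-set"]:
            cur = sets.setdefault(w[2], set())
        elif w[0] == "service":  # service N protocol P destination-port X
            cur.add((w[3], int(w[5])))
        elif w[0] == "policy" and w[1].isdigit():
            cur = rules.setdefault(int(w[1]), {"svc": set(), "source": [], "destination": []})
        elif w[0] == "action":
            cur["action"] = w[1]
        elif w[:3] == ["policy", "service", "service-set"]:
            cur["svc"] |= sets[w[3]]
        elif w[:2] in (["policy", "source"], ["policy", "destination"]):
            # "A mask M" is a subnet; "A 0" (wildcard 0) is a single host
            cur[w[1]].append(ipaddress.ip_network("/".join([w[2]] + w[4:5])))
    return rules  # dict order = configured order

def policy_move(order, id1, where, id2):  # models `policy move id1 {before|after} id2`
    rest = [p for p in order if p != id1]
    i = rest.index(id2) + (where == "after")
    return rest[:i] + [id1] + rest[i:]

def first_match(rules, order, src, dst, proto, port=None):
    s, d = ipaddress.ip_address(src), ipaddress.ip_address(dst)
    for pid in order:  # priority order; the first matching policy decides
        r = rules[pid]
        if ((proto, port) in r["svc"] and any(s in n for n in r["source"])
                and any(d in n for n in r["destination"])):
            return pid, r["action"]
    return None, "deny"  # assumed default when no policy matches
```

With the configured order [0, 9], a packet from 192.168.200.130 to 172.16.4.66 on tcp/8181 is permitted by policy 0; after policy_move([0, 9], 9, "before", 0) the same packet hits policy 9 and is denied, while 192.168.200.5 is still permitted by policy 0.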