ÒÆ¶¯²ßÂÔµÄÓÅÏȼ¶£ºÓò¼ä»òÕßÓòÄÚÊÓͼÏ¡£
policy move policy-id1 { before | after } policy-id2ÃüÁîÓÃÀ´Òƶ¯²ßÂÔÓÅÏȼ¶£¬±ÈÈçpolicy move 2 before 4 £¬before¾ÍÊÇÖ¸½«policy-id1µÄÓÅÏȼ¶µ÷Õûµ½policy-id2֮ǰ£¬afterÖ¸µÄÊǽ«policy-id1µÄÓÅÏȼ¶µ÷Õûµ½policy-id2Ö®ºó¡£
firewall statistic system enable //¿ªÆô±¨ÎĵÄͳ¼Æ¹¦ÄÜ£¬È±Ê¡Çé¿öÏ£¬ÏµÍ³¼¶µÄÁ÷Á¿Í³¼ÆºÍ¼à
¿Ø¹¦ÄÜ¿ªÆô¡£ Web¹ÜÀí¶Ë¿ÚÅäÖà web-manager enable
web-manager enable port 8099
web-manager security enable //¿ªÆôhttps¹ÜÀí¹¦ÄÜ web-manager security enable port 8443 undo web-manager config-guide enable
telnet server enable //¿ªÆôtelnetÅäÖù¦ÄÜ ·À»ðǽ¡°°²È«·À»¤¡±ÀïµÄÅäÖá£
firewall defend action alert
firewall defend udp-short-header enable firewall defend port-scan enable firewall defend ip-sweep enable firewall defend teardrop enable firewall defend ip-fragment enable firewall defend tcp-flag enable firewall defend winnuke enable firewall defend fraggle enable firewall defend ping-of-death enable firewall defend udp-flood enable
firewall defend smurf enable firewall defend land enable
firewall defend arp-flood enable firewall defend arp-spoofing enable
firewall defend udp-flood base-session max-rate 20000 firewall defend icmp-flood base-session max-rate 255 firewall source-ip detect interface GigabitEthernet0/0/5 firewall source-ip detect interface GigabitEthernet0/0/6
firewall defend icmp-flood interface GigabitEthernet0/0/5 max-rate 200000 firewall defend icmp-flood interface GigabitEthernet0/0/6 max-rate 200000 firewall defend arp-flood interface GigabitEthernet0/0/1 max-rate 50000
×Ô¼ºÐ´µÄ½Å±¾£º
ip service-set Tomcat type object
service 0 protocol tcp destination-port 8181 ip service-set Tomcat2 type object
service 0 protocol tcp destination-port 8181 service 1 protocol tcp destination-port 8282 ip service-set Tomcat3 type object
service 0 protocol tcp destination-port 8181 service 1 protocol tcp destination-port 8585 service 2 protocol tcp destination-port 8787
policy interzone untrust trust inbound policy 0 action permit
policy service service-set icmp policy service service-set Tomcat
policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.66 0 policy destination 172.16.4.67 0 policy destination 172.16.4.123 0 policy 1 action permit
policy service service-set ftp policy service service-set icmp
policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.71 0
policy 2 action permit
policy service service-set icmp
policy service service-set Tomcat2
policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.72 0
policy 3 action permit
policy service service-set icmp policy service service-set Tomcat3
policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.119 0
firewall defend arp-flood enable //¿ªÆôarp·ººé¹¦ÄÜ