! Define the CBAC inspection rule set "myfw".
! HTTP inspection also filters Java applets: applets are allowed
! according to standard access list 51 (defined further down).
! Timeouts are in seconds: 3600 for most protocols, 30 for TFTP and
! 15 for generic UDP.
! NOTE(review): rcmd (r-commands) and tftp are legacy protocols with weak or
! no authentication; confirm they are still needed, because inspecting them
! also opens return paths for them through access list 111.
! NOTE(review): java-list filtering presumably only sees applets carried in
! plain HTTP; applets inside archives or encrypted sessions would not be
! covered -- verify against the IOS documentation for this release.
!
ip inspect name myfw cuseeme timeout 3600
ip inspect name myfw ftp timeout 3600
ip inspect name myfw http java-list 51 timeout 3600
ip inspect name myfw rcmd timeout 3600
ip inspect name myfw realaudio timeout 3600
ip inspect name myfw smtp timeout 3600
ip inspect name myfw tftp timeout 30
ip inspect name myfw udp timeout 15
ip inspect name myfw tcp timeout 3600
! RPC inspection is enabled per program number. 100003, 100005 and 100021
! are the standard ONC RPC numbers for NFS, mountd and the NFS lock manager.
ip inspect name myfw rpc program-number 100003
ip inspect name myfw rpc program-number 100005
ip inspect name myfw rpc program-number 100021
!
! Apply inspection rule myfw to traffic arriving on Ethernet0.
! Access list 101 is applied inbound as well. All traffic passed by
! that list will be inspected by CBAC.
! Hardening on this interface: directed broadcasts, proxy ARP and CDP are
! all switched off, so the inside segment cannot be used as a broadcast
! amplifier and the router does not answer ARP for other hosts or
! advertise itself via CDP.
!
interface Ethernet0
ip address 172.19.139.253 255.255.255.0
ip broadcast-address 172.19.139.255
no ip directed-broadcast
no ip proxy-arp
ip inspect myfw in
ip access-group 101 in
no ip route-cache
no cdp enable
!
! The Serial0 configuration applies access list 111 to inbound traffic.
! As CBAC inspects traffic leaving the network, it creates temporary
! permit entries that are added to this list.
! Serial0 is the outside interface here: the default route points at it and
! it borrows its address from Ethernet0 (ip unnumbered).
!
interface Serial0
ip unnumbered Ethernet0
ip access-group 111 in
no ip route-cache
bandwidth 56
no cdp enable
!
! Classless forwarding with a single default route out of Serial0, so every
! destination that is not on 172.19.139.0/24 leaves through the filtered link.
ip classless
ip route 0.0.0.0 0.0.0.0 Serial0
!
! Access list 51 defines the "friendly" and "hostile" sites for Java applets.
! It is referenced by "java-list 51" in the myfw HTTP inspection rule:
! applets from permitted sources are allowed, all others are blocked.
! NOTE(review): the two denied hosts fall outside both permitted ranges, so
! the final "deny any" already covers them; the explicit entries only
! document intent (and would matter if a wider permit were added later).
!
access-list 51 deny 172.19.1.203
access-list 51 deny 172.19.2.147
access-list 51 permit 172.19.140.0 0.0.0.255
access-list 51 permit 192.168.1.0 0.0.0.255
access-list 51 deny any
!
! Access list 101 is applied above to interface Ethernet0.
! It permits the traffic that CBAC inspects and also
! provides anti-spoofing: only packets whose source address is in
! 172.19.139.0/24 are accepted from the inside segment, everything
! else is dropped by the explicit final deny.
!
access-list 101 permit tcp 172.19.139.0 0.0.0.255 any
access-list 101 permit udp 172.19.139.0 0.0.0.255 any
access-list 101 permit icmp 172.19.139.0 0.0.0.255 any
access-list 101 deny ip any any
!
! Access list 111 is applied to interface Serial0 and filters traffic
! arriving from outside.
! While CBAC is operating, temporary permit entries may be
! added to the beginning of this list to let
! return traffic in from outside.
! This list restricts the traffic that CBAC inspects.
!
! The static rules listed below demonstrate a good defensive style.
! Entry order matters: the first matching entry decides, and the final
! "deny ip any any" drops whatever was not explicitly permitted.
!
! Anti-spoofing: drop packets from outside that claim an inside source address.
access-list 111 deny ip 172.19.139.0 0.0.0.255 any
! Port 22 is SSH; it is encrypted, so inbound access is allowed.
! NOTE(review): the source address has neither a "host" keyword nor a
! wildcard mask, which extended access lists normally require -- verify
! this entry against the running configuration.
access-list 111 permit tcp 172.19.140.1 host 172.19.139.2 eq 22
! EIGRP dynamic routing is allowed.
! NOTE(review): the entry matches the "igrp" protocol keyword while the
! comment says EIGRP; confirm which protocol is actually in use. It also
! accepts routing traffic from any source -- consider limiting it to known
! neighbours and enabling routing-protocol authentication.
access-list 111 permit igrp any any
! Allow ICMP administratively-prohibited messages.
access-list 111 permit icmp any 172.19.139.0 0.0.0.255 administratively-prohibited
! Allow remote administrators to ping the network.
! NOTE(review): the source is "any", so inbound echo is open to every
! outside host, not only to administrators.
access-list 111 permit icmp any 172.19.139.0 0.0.0.255 echo
! Allow echo-reply to return for outbound pings.
access-list 111 permit icmp any 172.19.139.0 0.0.0.255 echo-reply
! ICMP may need to deliver packet-too-big messages.
access-list 111 permit icmp any 172.19.139.0 0.0.0.255 packet-too-big
! Outbound traceroute needs time-exceeded messages to come back.
access-list 111 permit icmp any 172.19.139.0 0.0.0.255 time-exceeded
! Traceroute is allowed.
access-list 111 permit icmp any 172.19.139.0 0.0.0.255 traceroute
! ICMP unreachable replies are allowed.
access-list 111 permit icmp any 172.19.139.0 0.0.0.255 unreachable
! Telnet access is allowed for selected hosts (172.19.140.32 - 172.19.140.63).
! NOTE(review): Telnet carries credentials in cleartext across the serial
! link; prefer SSH, as already permitted above for 172.19.139.2.
access-list 111 permit tcp 172.19.140.32 0.0.0.31 host 172.19.139.1 eq telnet
! Deny everything else.
access-list 111 deny ip any any
!
! Device management settings.
! CDP is disabled globally, in addition to the per-interface "no cdp enable".
no cdp run
! Read-only SNMP community (value elided in this listing).
! NOTE(review): no access list is attached to the community, and SNMP
! community strings travel in cleartext; consider restricting it to the
! management stations with a standard access list.
snmp-server community <elided> RO
!
! Console line.
! NOTE(review): "exec-timeout 0 0" disables the idle timeout, so an
! unattended console session stays logged in indefinitely; a finite
! timeout is the safer choice.
! NOTE(review): "login local" authenticates against local usernames, which
! are not shown in this listing; the line password is presumably unused
! in that mode -- confirm.
line con 0
exec-timeout 0 0
password <elided>
login local
! NOTE(review): the next line is not IOS syntax; it looks like a marker for
! lines elided from the listing (possibly further line configuration).
* * * *
!
scheduler interval 500
end