Table of Contents
Advertisement
1798
C
94: F
HAPTER
IREWALL
Configuring an ASPF
ASPF Configuration Task
Enabling the Firewall
Function
C
ONFIGURATION
[Router-acl-adv-3001] rule permit ip source 129.1.1.1 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.2 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.3 0
[Router-acl-adv-3001] rule permit ip source 129.1.1.4 0
# Configure a rule to prohibit all IP packets from passing the firewall.
[Router-acl-adv-3001] rule deny ip
# Create advanced ACL 3002.
[Router-acl-adv-3001] quit
[Router] acl number 3002
# Configure a rule to allow a specific external user to access internal servers.
[RouterA-acl-adv-3002] rule permit tcp source 20.3.3.3 0 destination 20.1.1.1 0
# Configure a rule to permit specific data (only packets of which the port number
is greater than 1024) to get access to the internal network.
[Router-acl-adv-3002] rule permit tcp destination 20.1.1.1 0 destina
tion-port gt 1024
[Router-acl-adv-3002] rule deny ip
# Apply ACL 3001 to packets that come in through Ethernet 1/0.
[Router-acl-adv-3002] quit
[Router] interface ethernet 1/0
[Router-Ethernet1/0] firewall packet-filter 3001 inbound
# Apply ACL 3002 to packets that come in through Serial 2/0.
[Router-Ethernet1/0] quit
[Router] interface serial 2/0
[Router-Serial2/0] firewall packet-filter 3002 inbound
List
Task
"Enabling the Firewall Function" on page 1794
"Configuring an ASPF Policy" on page 1799
"Applying an ASPF Policy to an Interface" on page 1799
"Enabling the Session Logging Function for ASPF" on page
1800
"Configuring Port Mapping" on page 1800
Following these steps to enable the firewall function:
To do...
Enter system view
Use the command...
system-view
Remarks
Required
Required
Required
Optional
Optional
Remarks
-
Hide quick links:
Advertisement
Chapters
Table of Contents
Troubleshooting
