
As far as I know, an interface can only have one ACL applied in each direction, but today I saw a company's PIX configuration (excerpt):
access-list 1000 extended permit icmp any any echo-reply
access-list 1000 extended permit ip 10.0.0.0 255.0.0.0 host 10.48.96.20
access-list 1000 extended permit tcp object-group RemoteSourceIP_Indigo object-group UL_Servers object-group Remote_Indigo
access-list 1000 extended permit tcp any object-group CG_IT object-group RemoteTools
access-list 1000 extended permit ip any host 10.48.96.1
access-list 1000 extended permit ip any host 10.48.96.5
access-list 1000 extended permit ip any host 10.48.96.6
access-list 1000 extended permit icmp any any time-exceeded
access-list 1000 extended permit ip object-group Trusted-Server 10.48.96.0 255.255.240.0
access-list 1000 extended permit tcp object-group BSS_FTP object-group BSS_FTP object-group BSS_FTP_Port
access-list 1000 extended permit ip any host 10.48.104.53
access-list 1000 extended permit ip any host 10.48.96.22
access-list 1000 extended permit ip host 10.58.236.44 host 10.48.100.39
access-list 1001 extended permit ip any any
access-list 1001 extended permit udp 10.48.96.0 255.255.255.0 host 224.0.0.2
access-list 1001 extended permit udp host 10.48.96.6 eq 1985 host 224.0.0.2 eq 1985
access-list 1002 ethertype permit bpdu
access-list 1002 ethertype permit any

access-group 1002 in interface outside
access-group 1000 in interface outside
access-group 1002 in interface inside
access-group 1001 in interface inside

See that? 1002 is permit any, so hasn't this firewall been configured for nothing? Why exactly are there two ACLs? Could an expert explain?
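As an added example (not part of the original post), here is a small audit script that parses the access-list and access-group lines of the excerpt above, classifies each ACL by type, and lists what is bound to each interface and direction. It is built around the point that matters for the question: on PIX/ASA software of this generation, ethertype access-lists and extended access-lists are separate ACL types, and an interface direction may carry one of each, while IP traffic is matched against the extended ACL. The script therefore flags a real conflict only when two ACLs of the same type are bound to the same interface direction, and separately flags any bound extended ACL that permits ip any any. The sample configuration embedded in the block is the cleaned excerpt from the post; the function names and the report format are this example's own.

```python
import re
from collections import defaultdict

# Constructed sample: the access-list / access-group lines from the excerpt
# above, with the forum's copy-protection noise stripped.
SAMPLE_CONFIG = """
access-list 1000 extended permit icmp any any echo-reply
access-list 1000 extended permit ip 10.0.0.0 255.0.0.0 host 10.48.96.20
access-list 1000 extended permit tcp object-group RemoteSourceIP_Indigo object-group UL_Servers object-group Remote_Indigo
access-list 1000 extended permit tcp any object-group CG_IT object-group RemoteTools
access-list 1000 extended permit ip any host 10.48.96.1
access-list 1000 extended permit ip any host 10.48.96.5
access-list 1000 extended permit ip any host 10.48.96.6
access-list 1000 extended permit icmp any any time-exceeded
access-list 1000 extended permit ip object-group Trusted-Server 10.48.96.0 255.255.240.0
access-list 1000 extended permit tcp object-group BSS_FTP object-group BSS_FTP object-group BSS_FTP_Port
access-list 1000 extended permit ip any host 10.48.104.53
access-list 1000 extended permit ip any host 10.48.96.22
access-list 1000 extended permit ip host 10.58.236.44 host 10.48.100.39
access-list 1001 extended permit ip any any
access-list 1001 extended permit udp 10.48.96.0 255.255.255.0 host 224.0.0.2
access-list 1001 extended permit udp host 10.48.96.6 eq 1985 host 224.0.0.2 eq 1985
access-list 1002 ethertype permit bpdu
access-list 1002 ethertype permit any
access-group 1002 in interface outside
access-group 1000 in interface outside
access-group 1002 in interface inside
access-group 1001 in interface inside
"""

# ACL entry: name, type (extended / ethertype / standard), action, rest of the rule.
ACL_RE = re.compile(
    r"^access-list\s+(\S+)\s+(extended|ethertype|standard)\s+(permit|deny)\s+(.*)$")
# Binding: ACL name, direction, interface name.
GROUP_RE = re.compile(r"^access-group\s+(\S+)\s+(in|out)\s+interface\s+(\S+)$")


def parse_config(text):
    """Return (acl_types, acl_entries, bindings) parsed from PIX-style config text."""
    acl_types = {}                    # name -> "extended" | "ethertype" | "standard"
    acl_entries = defaultdict(list)   # name -> [(action, rule_text), ...]
    bindings = defaultdict(list)      # (interface, direction) -> [acl names in config order]
    for raw in text.splitlines():
        line = raw.strip()
        m = ACL_RE.match(line)
        if m:
            name, kind, action, rest = m.groups()
            acl_types[name] = kind
            acl_entries[name].append((action, rest))
            continue
        m = GROUP_RE.match(line)
        if m:
            name, direction, iface = m.groups()
            bindings[(iface, direction)].append(name)
    return acl_types, acl_entries, bindings


def audit_bindings(text):
    """Per (interface, direction): which ACL of each type is bound, plus findings.

    A finding is raised when more than one ACL of the same type is bound to one
    interface direction (an actual conflict), or when a bound extended ACL
    contains 'permit ip any any' (the IP filter is effectively open).  An
    ethertype ACL that permits any is not flagged: IP traffic is governed by
    the extended ACL, not by the ethertype ACL.
    """
    acl_types, acl_entries, bindings = parse_config(text)
    report = {}
    for key, names in bindings.items():
        by_type = defaultdict(list)
        for n in names:
            by_type[acl_types.get(n, "unknown")].append(n)
        findings = []
        for kind, ns in by_type.items():
            if len(ns) > 1:
                findings.append(f"more than one {kind} ACL bound: {ns}")
        for n in by_type.get("extended", []):
            if any(a == "permit" and rest.startswith("ip any any")
                   for a, rest in acl_entries[n]):
                findings.append(f"{n} permits ip any any")
        report[key] = {"by_type": dict(by_type), "findings": findings}
    return report


if __name__ == "__main__":
    for (iface, direction), info in audit_bindings(SAMPLE_CONFIG).items():
        print(f"{iface}/{direction}: {info['by_type']}")
        for f in info["findings"]:
            print(f"  finding: {f}")
```

Run against the excerpt, the report shows each interface direction carrying exactly one ethertype ACL (1002) and one extended ACL (1000 on outside, 1001 on inside), so no same-type conflict; the one finding it raises is that 1001, the extended ACL bound inbound on the inside interface, permits ip any any.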