policy-map
- example configuration from a C876 (ADSL)
LAN-WAN
! ----------------------------------------------------------------
!
! insp-traffic
class-map type inspect match-any cls-insp-traffic
 match protocol pptp
 match protocol dns
 match protocol https
 match protocol icmp
 match protocol imap
 match protocol pop3
 match protocol tcp
 match protocol udp
 exit
class-map type inspect match-all insp-traffic
 match class-map cls-insp-traffic
 exit
! ----------------------------------------------------------------
!
! protocol-p2p
class-map type inspect match-any cls-protocol-p2p
 match protocol edonkey
 match protocol gnutella
 match protocol kazaa2
 match protocol fasttrack
 exit
class-map type inspect match-all protocol-p2p
 match class-map cls-protocol-p2p
 exit
! ----------------------------------------------------------------
!
! protocol-smtp
class-map type inspect match-all protocol-smtp
 match protocol smtp
 exit
! ----------------------------------------------------------------
!
! protocol-http
!
class-map type inspect match-all protocol-http
 match protocol http
 exit
! ----------------------------------------------------------------
!
! invalid-src
!
access-list 100 remark -- class invalid-src
access-list 100 permit ip host 255.255.255.255 any
access-list 100 permit ip 127.0.0.0 0.255.255.255 any
class-map type inspect match-all invalid-src
 match access-group 100
 exit
! ----------------------------------------------------------------
! ----------------------------------------------------------------
!
! policy-map INSPECT
!
policy-map type inspect inspect
 class type inspect invalid-src
  drop log
  exit
 class type inspect protocol-http
  no drop
  inspect
  exit
 class type inspect protocol-smtp
  no drop
  inspect
  exit
 class type inspect protocol-p2p
  no drop
  inspect
  exit
 class type inspect insp-traffic
  no drop
  inspect
  exit
 class class-default
  no drop
  pass
  exit
 exit
zone security WAN
 exit
zone security LAN
 exit
interface Dialer0
 zone-member security WAN
 exit
interface Vlan1
 zone-member security LAN
 exit
zone-pair security zp-LAN-WAN source LAN destination WAN
 service-policy type inspect inspect
 exit
WAN-LAN
! cls_pptp is referenced below, but its class-map is not defined in this excerpt
policy-map type inspect WAN_LAN
 class type inspect cls_pptp
  no drop
  pass
  exit
 class type inspect protocol-smtp
  no drop
  pass
  exit
 class class-default
  drop log
  exit
 exit
zone security WAN
 exit
zone security LAN
 exit
zone-pair security zp-WAN-To-LAN source WAN destination LAN
 service-policy type inspect WAN_LAN
 exit
