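Advanced ISDN Router Configuration (Part 2)
Source: http://comp.zz.ha.cn/ Author: Ye Yang (葉揚) (2001-08-17 12:00:00)
Blocking Illegal Web Sites


The quality of web sites on the Internet varies widely, and there are many illegal and reactionary sites. This example explains how to set up a filter to block illegal web sites.


For example, to prevent users from visiting the site XXX.XXX.XX.XXX, configure the router as follows:


1. First, create a filter set in Menu 21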



Menu 21 - Filter Set Configuration
Filter                      Filter
Set #   Comments            Set #   Comments
1       Block a Web         7
2                           8
3                           9
4                           10
5                           11
6                           12
Enter Filter Set Number to Configure= 0
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:



2. Then create a filter rule in that filter set



Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= XXX.XXX.XX.XXX
IP Mask= 255.255.255.255
Port #=
Port # Comp= None
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:



3. Finally, activate the filter set under 'Input Filter Set' in Menu 3.1



Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=1
device filters=
Output Filter Sets:
protocol filters=
device filters=



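Setting Up a Firewall


The P100IH has a simple firewall capability: by filtering data packets, it can block attacks from hackers on the Internet. The port settings for a simple firewall are as follows:


﹒ Allow ARP, ICMP and Ping;


﹒ Allow TCP and UDP transport ports > 1023;


﹒ Allow HTTP, SMTP, MNTP and DNS;


﹒ Block all other packets coming from the Internet.


The filter is set up as follows:


1. Create a filter set in Menu 21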



Menu 21 - Filter Set Configuration
Filter                      Filter
Set #   Comments            Set #   Comments
1       Firewall            7
2                           8
3                           9
4                           10
5                           11
6                           12
Enter Filter Set Number to Configure= 0
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:



2. Create the four filter rules in turn: Menu 21.1.1, Menu 21.1.2, Menu 21.1.3, ...



Rule 1: allow ICMP (including Ping)



Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 1 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:



Rule 2: allow UDP ports > 1023



Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 1023
Port # Comp= Greater
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:



Rule 3: allow TCP ports > 1023



Menu 21.1.3 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 1023
Port # Comp= Greater
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:



Rule 4: allow DNS requests and block all other packets



Menu 21.1.5 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Drop
Press ENTER to Confirm or ESC to Cancel:



The summary menu (Menu 21) for the four filter rules above is shown below:


3. Finally, activate the filter set under 'Input Filter Set' in Menu 3.1



Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=1
device filters=
Output Filter Sets:
protocol filters=
device filters=
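
The rule chain built in steps 1 to 3 can be checked offline before it is activated. The Python model below is an added example, not part of the original article or the router's firmware; it evaluates the four rules as entered above against constructed sample packets. Assumptions: all-zero address and mask fields match any address (so addresses are not modelled), TCP Estab is ignored because every rule sets it to No, and a packet that no rule decides is forwarded.

```python
from dataclasses import dataclass

FORWARD, DROP, NEXT = "Forward", "Drop", "Check Next Rule"

@dataclass
class Rule:
    proto: int        # IP Protocol= (0 matches any protocol)
    dport: int        # Destination Port #=
    comp: str         # Destination Port # Comp= None | Equal | Greater
    matched: str      # Action Matched=
    not_matched: str  # Action Not Matched=

    def matches(self, proto, dport):
        if self.proto not in (0, proto):
            return False
        if self.comp == "Equal":
            return dport == self.dport
        if self.comp == "Greater":
            return dport > self.dport  # strict: port 1023 itself does not match
        return True                    # "None": the port is not compared

# The four rules with the field values shown in the screens above.
FIREWALL_SET = [
    Rule(1, 0, "None", FORWARD, NEXT),         # rule 1: ICMP
    Rule(17, 1023, "Greater", FORWARD, NEXT),  # rule 2: UDP > 1023
    Rule(6, 1023, "Greater", FORWARD, NEXT),   # rule 3: TCP > 1023
    Rule(17, 53, "Equal", FORWARD, DROP),      # rule 4: DNS, otherwise drop
]

def evaluate(rules, proto, dport=0):  # returns (action, deciding rule number)
    for n, rule in enumerate(rules, start=1):
        action = rule.matched if rule.matches(proto, dport) else rule.not_matched
        if action != NEXT:
            return action, n
    return FORWARD, None  # assumption: an undecided packet is forwarded

# Constructed sample packets: (description, IP protocol, destination port)
SAMPLES = [
    ("ICMP echo", 1, 0),
    ("UDP to 53 (DNS query)", 17, 53),
    ("UDP to 33000", 17, 33000),
    ("TCP to 1024", 6, 1024),
    ("TCP to 1023", 6, 1023),
    ("TCP to 80 (HTTP)", 6, 80),
]

if __name__ == "__main__":
    for desc, proto, dport in SAMPLES:
        print(f"{desc:24} -> {evaluate(FIREWALL_SET, proto, dport)}")
```

With the rules as entered, TCP packets to destination ports 80 and 25 reach rule 4 and are dropped, so the HTTP and SMTP items in the list above pass only when the packet's destination port is above 1023.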



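This article has described how to configure the P100IH router. Readers can copy the settings as they are, or apply the filter tool flexibly based on the methods above. Only by strengthening the management of the ISDN router can the usage rights of legitimate ISDN users be guaranteed.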
