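rce source-addr source-wildcard | any

Example:
[Quidway] acl 10
[Quidway-acl-10] rule normal permit source 10.0.0.0 0.0.0.255
[Quidway-acl-10] rule normal deny source any

Extended access control list configuration commands

Configuring an extended access list for TCP/UDP:
rule { normal | special } { permit | deny } { tcp | udp } source { ip wild | any } destination { ip wild | any } [ operate ]

Configuring an extended access list for ICMP:
rule { normal | special } { permit | deny } icmp source { ip wild | any } destination { ip wild | any } [ icmp-code ] [ logging ]

Meaning of the extended access control list operators

equal port-number ; equal to
greater-than port-number ; greater than
less-than port-number ; less than
not-equal port-number ; not equal to
range port-number1 port-number2 ; within the range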

Extended access control list examples

[Quidway] acl 101
[Quidway-acl-101] rule deny source any destination any
[Quidway-acl-101] rule permit icmp source any destination any icmp-type echo
[Quidway-acl-101] rule permit icmp source any destination any icmp-type echo-reply

[Quidway] acl 102
[Quidway-acl-102] rule permit ip source 10.0.0.1 0.0.0.0 destination 202.0.0.1 0.0.0.0
[Quidway-acl-102] rule deny ip source any destination any

[Quidway] acl 103
[Quidway-acl-103] rule permit tcp source any destination 10.0.0.1 0.0.0.0 destination-port equal ftp
[Quidway-acl-103] rule permit tcp source any destination 10.0.0.2 0.0.0.0 destination-port equal www

[Quidway] firewall enable
[Quidway] firewall default { permit | deny }
[Quidway] int e0
[Quidway-Ethernet0] firewall packet-filter 101 { inbound | outbound }
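
Address translation configuration example

[Quidway] firewall enable
[Quidway] firewall default permit
[Quidway] acl 101 ; specified internal hosts may enter e0
[Quidway-acl-101] rule deny ip source any destination any
[Quidway-acl-101] rule permit ip source 129.38.1.1 0 destination any
[Quidway-acl-101] rule permit ip source 129.38.1.2 0 destination any
[Quidway-acl-101] rule permit ip source 129.38.1.3 0 destination any
[Quidway-acl-101] rule permit ip source 129.38.1.4 0 destination any
[Quidway-acl-101] quit
[Quidway] int e0
[Quidway-Ethernet0] firewall packet-filter 101 inbound
[Quidway] acl 102 ; packets from a specific external host, and packets to ports above 1024, are allowed in on S0
[Quidway-acl-102] rule deny ip source any destination any
[Quidway-acl-102] rule permit tcp source 202.39.2.3 0 destination 202.38.160.1 0
[Quidway-acl-102] rule permit tcp source any destination 202.38.160.1 0 destination-port greater-than 1024
[Quidway-acl-102] quit
[Quidway] int s0
[Quidway-Serial0] firewall packet-filter 102 inbound ; assume 202.38.160.1 is the router's egress IP
[Quidway-Serial0] nat outbound 101 interface ; "interface" selects Easy IP: source addresses permitted by acl 101 are translated as packets leave this interface

Internal server address translation configuration command (static NAT):
nat server global ip [port] inside ip port protocol ; when global_port is omitted, inside_port is used

[Quidway-Serial0] nat server global 202.38.160.1 inside 129.38.1.1 ftp tcp
[Quidway-Serial0] nat server global 202.38.160.1 inside 129.38.1.2 telnet tcp
[Quidway-Serial0] nat server global 202.38.160.1 inside 12938r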