Cisco IOS Firewall Security Rules and Configuration Scheme (21)
Step 2: Configure the access list
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any traceroute
! The commands above allow ping packets through, mainly for troubleshooting; omit them if they are not needed.
access-list 101 permit tcp any any eq smtp
! Allows security verification on the mail server.
access-list 101 deny ip any any log
! CBAC requires that all other incoming IP packets be denied.
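
The following is an added example, not part of the original page: a simplified Python model of first-match evaluation for ACL 101, run against constructed packets to show what this step permits and what falls through to the logged deny. It assumes the SMTP entry carries the tcp keyword (an extended ACL entry needs a protocol) and handles only any/any address fields; the names parse and evaluate are hypothetical.

```python
# Added example: first-match evaluation of the ACL 101 entries from this step.
# Simplified model (any/any addresses only); the sample packets are constructed.
ACL_101 = """\
access-list 101 permit icmp any any echo
access-list 101 permit icmp any any echo-reply
access-list 101 permit icmp any any unreachable
access-list 101 permit icmp any any time-exceeded
access-list 101 permit icmp any any packet-too-big
access-list 101 permit icmp any any traceroute
access-list 101 permit tcp any any eq smtp
access-list 101 deny ip any any log
"""
PORTS = {"smtp": 25}  # IOS keyword -> TCP port number

def parse(text):
    """Parse 'access-list N action proto any any [qualifier] [log]' lines."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list" or tok[4:6] != ["any", "any"]:
            raise ValueError(f"unsupported entry: {line!r}")
        rest = [t for t in tok[6:] if t != "log"]
        rule = {"action": tok[2], "proto": tok[3], "log": "log" in tok[6:],
                "icmp_type": None, "port": None}
        if tok[3] == "icmp" and rest:
            rule["icmp_type"] = rest[0]
        elif tok[3] == "tcp" and rest[:1] == ["eq"]:
            rule["port"] = PORTS.get(rest[1]) or int(rest[1])
        rules.append(rule)
    return rules

def evaluate(rules, pkt):
    """Return (action, logged) for the first entry that matches pkt."""
    for r in rules:
        if r["proto"] != "ip" and r["proto"] != pkt["proto"]:
            continue  # 'ip' matches every protocol; others must match exactly
        if r["icmp_type"] and r["icmp_type"] != pkt.get("icmp_type"):
            continue
        if r["port"] and r["port"] != pkt.get("dport"):
            continue
        return r["action"], r["log"]
    return "deny", False  # implicit deny at the end of every ACL, never logged

if __name__ == "__main__":
    samples = [{"proto": "icmp", "icmp_type": "echo"},
               {"proto": "icmp", "icmp_type": "redirect"},
               {"proto": "tcp", "dport": 25},
               {"proto": "tcp", "dport": 80}]
    for pkt in samples:
        print(pkt, "->", evaluate(parse(ACL_101), pkt))
```

An SMTP entry written without a protocol keyword is rejected by parse with a ValueError, since its fifth and sixth tokens are no longer `any any`.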