路由器防火墙配置指导（Router firewall configuration guidance）.docVIP

路由器防火墙配置指导（Router firewall configuration guidance） Router firewall configuration guidance Author: admin date: 2009-12-02 Font size: small, medium, large ICG firewall configuration guidance Firewall profile A firewall can prevent from the Internet, to protect the network from unauthorized access, access control gateway on the other hand can be used as an Internet access control, internal network users to Web or E-mail on the Internet to send and receive access. Through reasonable configuration of firewall, the security and stability of the network can be greatly improved. Firewall configuration guide 2.1 basic configuration steps The basic configuration order of the firewall is as follows: First enable the firewall: IPv4: enter firewall enable under the system view IPv6: enter firewall IPv6 enable under the system view Then configure ACL ACL number 3000 Rule 0, permit, IP, source, , 0 Rule 10, deny, IP Then apply the firewall on the interface as needed Interface Ethernet0/1 Port link-mode route Firewall packet-filter 3000 inbound IP address 2.2 basic configuration example: As mentioned earlier, after enabling the firewall, you configure the ACL as needed and apply it to the interface. Here are a few common requirements configuration methods: Et0/1 Et0/0 The following examples of networking are as follows: ICG device Intranet Extranet The network address 55 2.2.1 prohibits access to certain addresses of the extranet Purpose: limit access to the internet. For example, no access to the address is allowed ACL configuration: [H3C]acl n 3000 [H3C-acl-adv-3000]rule deny IP destination 0 prohibits [H3C-acl-adv-3000]rule permit IP allows other IP Port configuration, configure the firewall in the direction of the network port [H3C]int et0/1 [H3C-Ethernet0/1]firewall packet-filter 3000 inbound Note: 1) if you want to disable a network segment, choose the appropriate mask 2) if there are more than one network port, it can be used in every required network port, or in the di