Created
November 29, 2011 01:09
H3C SecPath FW100-C firewall
#
sysname H3C
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
nat address-group 1 113.106.82.124 113.106.82.125
#
firewall statistic system enable
#
radius scheme system
 server-type extended
#
domain system
#
local-user helloit.info
 password simple helloit.info
 service-type telnet
 level 3
local-user cyhplc
 password simple helloit.info
 service-type telnet
 level 3
#
acl number 2001
 rule 0 permit source 172.17.0.0 0.0.255.255
#
interface Ethernet1/0
 ip address 172.17.0.254 255.255.0.0
#
interface Ethernet2/0
 speed 10
 duplex full
 ip address 113.106.82.125 255.255.255.224
 nat outbound static
 nat outbound 2001 address-group 1
 nat server protocol tcp global 113.106.82.125 22 inside 172.17.9.101 22
 nat server protocol tcp global 113.106.82.125 www inside 172.17.9.101 www
 nat server protocol tcp global 113.106.82.125 443 inside 172.17.9.101 443
 nat server protocol tcp global 113.106.82.125 ftp inside 172.17.9.101 3389
 nat server protocol tcp global 113.106.82.124 3389 inside 172.17.9.1 3389
 nat server protocol tcp global 113.106.82.124 ftp inside 172.17.9.1 ftp
 nat server protocol tcp global 113.106.82.124 pop3 inside 172.17.9.1 pop3
 nat server protocol tcp global 113.106.82.124 www inside 172.17.9.1 www
 nat server protocol tcp global 113.106.82.124 1080 inside 172.17.9.1 1080
 nat server protocol tcp global 113.106.82.124 8080 inside 172.17.9.1 8080
 nat server protocol tcp global 113.106.82.124 443 inside 172.17.9.1 443
 nat server protocol tcp global 113.106.82.124 smtp inside 172.17.9.1 smtp
 nat server protocol tcp global 113.106.82.124 22 inside 172.17.9.1 22
 nat server protocol tcp global 113.106.82.124 telnet inside 172.17.9.1 telnet
#
interface NULL0
#
firewall zone local
 set priority 100
#
firewall zone trust
 add interface Ethernet1/0
 set priority 85
#
firewall zone untrust
 add interface Ethernet2/0
 set priority 5
#
firewall zone DMZ
 set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
ip route-static 0.0.0.0 0.0.0.0 113.106.82.126 preference 60
#
ntp-service unicast-server 202.177.16.121
#
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
user-interface con 0
user-interface vty 0 4
 authentication-mode scheme
#
return
Author
hplc
commented
Dec 14, 2011