Created
December 9, 2011 01:39
H3C SecPath FW100-C NAT and ADSL
#
sysname H3C
#
firewall packet-filter enable
firewall packet-filter default permit
#
undo connection-limit enable
connection-limit default deny
connection-limit default amount upper-limit 50 lower-limit 20
#
dialer-rule 1 ip permit
#
firewall statistic system enable
#
radius scheme system
server-type extended
#
domain system
#
local-user helloit.info
password simple helloit.info
service-type telnet
level 3
#
dhcp server ip-pool 1
network 192.168.90.0 mask 255.255.255.0
gateway-list 192.168.90.1
dns-list 8.8.8.8 8.8.4.4
#
acl number 3001
rule 0 permit ip source 192.168.90.0 0.0.0.255
#
interface Dialer1
link-protocol ppp
ppp pap local-user helloit.info password cipher helloit.info
ip address ppp-negotiate
dialer user helloit.info
dialer-group 1
dialer bundle 1
nat outbound 3001
#
interface Ethernet1/0
ip address 192.168.90.1 255.255.255.0
#
interface Ethernet2/0
speed 10
duplex full
pppoe-client dial-bundle-number 1
ip address dhcp-alloc
#
interface NULL0
#
firewall zone local
set priority 100
#
firewall zone trust
add interface Ethernet1/0
set priority 85
#
firewall zone untrust
add interface Ethernet2/0
add interface Dialer1
set priority 5
#
firewall zone DMZ
set priority 50
#
firewall interzone local trust
#
firewall interzone local untrust
#
firewall interzone local DMZ
#
firewall interzone trust untrust
#
firewall interzone trust DMZ
#
firewall interzone DMZ untrust
#
FTP server enable
#
dhcp server forbidden-ip 192.168.90.1
#
ip route-static 0.0.0.0 0.0.0.0 Dialer 1 preference 60
#
firewall defend ip-spoofing
firewall defend land
firewall defend smurf
firewall defend fraggle
firewall defend winnuke
firewall defend icmp-redirect
firewall defend icmp-unreachable
firewall defend source-route
firewall defend route-record
firewall defend tracert
firewall defend ping-of-death
firewall defend tcp-flag
firewall defend ip-fragment
firewall defend large-icmp
firewall defend teardrop
firewall defend ip-sweep
firewall defend port-scan
firewall defend arp-spoofing
firewall defend arp-reverse-query
firewall defend arp-flood
firewall defend frag-flood
firewall defend syn-flood enable
firewall defend udp-flood enable
firewall defend icmp-flood enable
#
user-interface con 0
user-interface vty 0 4
authentication-mode scheme
#
return
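An added example, not part of the original gist: a small Python check that walks a Comware-style configuration like the one above and reports the settings a reviewer would question before deployment. The rule list and the `audit` function are this example's own assumptions, not an H3C tool or baseline, and the sample is a constructed excerpt of the lines shown above.

```python
import re

# Constructed sample: an excerpt of the configuration shown above.
SAMPLE = """\
#
firewall packet-filter default permit
#
local-user helloit.info
password simple helloit.info
service-type telnet
level 3
#
interface Dialer1
ppp pap local-user helloit.info password cipher helloit.info
#
FTP server enable
#
"""

# (pattern, finding) pairs; this rule set is the example's own assumption.
RULES = [
    (r"firewall packet-filter default permit$", "traffic matched by no ACL is permitted"),
    (r"password simple\b", "password stored in cleartext"),
    (r"service-type\b.*\btelnet\b", "management login over cleartext Telnet"),
    (r"ppp pap\b", "PAP sends the PPP password unencrypted"),
    (r"ftp server enable$", "cleartext FTP service enabled"),
]

def audit(config_text):
    """Return (line_number, finding) for each weak setting found."""
    findings, user = [], None
    for n, raw in enumerate(config_text.splitlines(), 1):
        line = raw.strip()
        if line == "#":                       # '#' ends the current view
            user = None
        elif m := re.match(r"local-user (\S+)$", line):
            user = m.group(1)                 # entering a local-user view
        findings += [(n, text) for pat, text in RULES if re.search(pat, line, re.I)]
        if user and re.match(rf"password \S+ {re.escape(user)}$", line):
            findings.append((n, "password equals the user name"))
        if user and line == "level 3":
            findings.append((n, f"user {user} has the highest command level"))
    return findings

if __name__ == "__main__":
    for n, text in audit(SAMPLE):
        print(f"line {n}: {text}")
```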
Author
hplc
commented
Dec 14, 2011