acl

Cisco 
conf t
interface GigabitEthernet0/2
 ip access-group in_block in
exit
!
ip access-list extended in_block
 deny   udp any any eq ntp log
 permit udp host 91.1.1.1 host 91.1.1.3 eq domain
 permit udp host 91.1.1.1 host 91.1.1.13 eq domain
 permit tcp host 91.1.1.1 any
 permit icmp host 91.1.1.1 any
!




!
interface GigabitEthernet0/1.951
 description 1
 encapsulation dot1Q 951
 ip address 172.18.8.10 255.255.255.252
 ip access-group uraltcom_out out
 no ip unreachables
 ip nat outside
 ip virtual-reassembly max-fragments 64 max-reassemblies 1024
 no cdp enable
!
.....
!
ip access-list extended uraltcom_out
 deny   ip any host 141.101.116.145
 deny   ip any host 141.101.117.145
 deny   ip any host 185.13.226.56
!




!
interface FastEthernet0/16
 description murka-doma
 switchport access vlan 1798
 switchport mode access
!

!
ip access-list extended all-ip
 permit ip any any
ip access-list extended in_block
 deny   udp host 91.5.9.30 any eq 655
 deny   ip host 91.5.9.30 host 95.13.19.12
 permit ip any any
!

0 комментариев

Только зарегистрированные и авторизованные пользователи могут оставлять комментарии.