Cisco IOS:是否使用ip检查?
Cisco IOS:是否使用ip检查?
提问于 2011-02-12 15:35:47
有一个Cisco IOS路由器,其中包含以下代码。下面的代码似乎定义了基于上下文的访问控制引擎检查规则。我不认为这些都是用过的。
唯一出现的单词SDM_HIGH,DEFAULT100,inspect,appfw是在下面显示的配置块中。
这是否意味着没有使用这些规则?我非常希望从配置中消除这些问题,这样它就可以更小,更容易完全理解。
ip inspect log drop-pkt
ip inspect name DEFAULT100 appfw DEFAULT100
ip inspect name DEFAULT100 cuseeme
ip inspect name DEFAULT100 ftp
ip inspect name DEFAULT100 h323
ip inspect name DEFAULT100 icmp
ip inspect name DEFAULT100 netshow
ip inspect name DEFAULT100 rcmd
ip inspect name DEFAULT100 realaudio
ip inspect name DEFAULT100 rtsp
ip inspect name DEFAULT100 esmtp
ip inspect name DEFAULT100 sqlnet
ip inspect name DEFAULT100 streamworks
ip inspect name DEFAULT100 tftp
ip inspect name DEFAULT100 tcp
ip inspect name DEFAULT100 udp
ip inspect name DEFAULT100 vdolive
ip inspect name DEFAULT100 bliff
ip inspect name DEFAULT100 imap
ip inspect name DEFAULT100 imaps
ip inspect name DEFAULT100 imap3
ip inspect name DEFAULT100 lotusnote
ip inspect name DEFAULT100 lotusmtap
ip inspect name DEFAULT100 pop3
ip inspect name DEFAULT100 pop3s
ip inspect name DEFAULT100 qmtp-tcp
ip inspect name DEFAULT100 http
ip inspect name DEFAULT100 https
ip inspect name DEFAULT100 dns
ip inspect name SDM_HIGH appfw SDM_HIGH
ip inspect name SDM_HIGH icmp
ip inspect name SDM_HIGH dns
ip inspect name SDM_HIGH esmtp
ip inspect name SDM_HIGH imap reset
ip inspect name SDM_HIGH pop3 reset
ip inspect name SDM_HIGH tcp
ip inspect name SDM_HIGH udp
ip inspect name SDM_HIGH https
ip inspect name SDM_HIGH bliff
ip inspect name SDM_HIGH imaps
ip inspect name SDM_HIGH imap3
ip inspect name SDM_HIGH lotusnote
ip inspect name SDM_HIGH lotusmtap
ip inspect name SDM_HIGH pop3s
ip inspect name SDM_HIGH qmtp-tcp
....
appfw policy-name SDM_HIGH
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action reset alarm
service text-chat action reset alarm
server deny name messenger.hotmail.com
server deny name gateway.messenger.hotmail.com
server deny name webmessenger.msn.com
audit-trail on
application http
port-misuse im action reset alarm
port-misuse p2p action reset alarm
port-misuse tunneling action reset alarm
audit-trail on
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name messenger.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
audit-trail on
!
appfw policy-name DEFAULT100
application im aol
service default action reset alarm
service text-chat action reset alarm
server deny name login.oscar.aol.com
server deny name toc.oscar.aol.com
server deny name oam-d09a.blue.aol.com
audit-trail on
application im msn
service default action reset alarm
service text-chat action reset alarm
server deny name messenger.hotmail.com
server deny name gateway.messenger.hotmail.com
server deny name webmessenger.msn.com
audit-trail on
application http
strict-http action reset alarm
port-misuse im action reset alarm
port-misuse tunneling action reset alarm
audit-trail on
application im yahoo
service default action reset alarm
service text-chat action reset alarm
server deny name scs.msg.yahoo.com
server deny name scsa.msg.yahoo.com
server deny name scsb.msg.yahoo.com
server deny name scsc.msg.yahoo.com
server deny name scsd.msg.yahoo.com
server deny name messenger.yahoo.com
server deny name cs16.msg.dcn.yahoo.com
server deny name cs19.msg.dcn.yahoo.com
server deny name cs42.msg.dcn.yahoo.com
server deny name cs53.msg.dcn.yahoo.com
server deny name cs54.msg.dcn.yahoo.com
server deny name ads1.vip.scd.yahoo.com
server deny name radio1.launch.vip.dal.yahoo.com
server deny name in1.msg.vip.re2.yahoo.com
server deny name data1.my.vip.sc5.yahoo.com
server deny name address1.pim.vip.mud.yahoo.com
server deny name edit.messenger.yahoo.com
server deny name http.pager.yahoo.com
server deny name privacy.yahoo.com
server deny name csa.yahoo.com
server deny name csb.yahoo.com
server deny name csc.yahoo.com
audit-trail on
!
!回答 1
Server Fault用户
回答已采纳
发布于 2011-02-23 21:24:25
根据您的配置,不使用这些规则。仔细检查每个路由器接口,以确定是否有"ip检查“命令的证据(在检查中显示run _)。如果启用了它们,我希望看到(例如):
interface serial 0/0
ip inspect SDM_HIGH in
ip inspect DEFAULT100 in下面的文档可能有助于准确解释所看到的内容,并举例说明这些命令是如何绑定在一起的:
http://www.cisco.com/en/US/docs/ios/12_4t/12_4t4/ht_fw_im.html
页面原文内容由Server Fault提供。腾讯云小微IT领域专用引擎提供翻译支持
原文链接:
https://serverfault.com/questions/234759
复制相关文章
相似问题
腾讯云开发者
Copyright © 2013 - 2026 Tencent Cloud. All Rights Reserved. 腾讯云 版权所有
深圳市腾讯计算机系统有限公司 ICP备案/许可证号:粤B2-20090059 
粤公网安备44030502008569号
腾讯云计算(北京)有限责任公司 京ICP证150476号 | 京ICP备11018762号