10/05/01 17:34:05
Something like this? (Reference: >>97)
# Permit everything (note: used by the dynamic filter)
ip access-list all-permit permit ip src any dest any
# Deny everything
ip access-list all-deny deny ip src any dest any
# Anti-Blaster (no longer needed these days?)
ip access-list blaster-block deny tcp src any sport eq 135 dest any dport any
ip access-list blaster-block deny tcp src any sport any dest any dport eq 135
ip access-list blaster-block deny udp src any sport eq 135 dest any dport any
ip access-list blaster-block deny udp src any sport any dest any dport eq 135
# Countermeasure against IP spoofing, LAND and smurf attacks
ip access-list ipspoof-block deny ip src <private address range in use>/<subnet mask> dest any
# NetBIOS-related
ip access-list netbios-block deny tcp src any sport range 137 139 dest any dport any
ip access-list netbios-block deny tcp src any sport any dest any dport range 137 139
ip access-list netbios-block deny udp src any sport range 137 139 dest any dport any
ip access-list netbios-block deny udp src any sport any dest any dport range 137 139
ip access-list netbios-block deny tcp src any sport eq 445 dest any dport any
ip access-list netbios-block deny tcp src any sport any dest any dport eq 445
ip access-list netbios-block deny udp src any sport eq 445 dest any dport any
ip access-list netbios-block deny udp src any sport any dest any dport eq 445
# Dynamic filter
ip access-list dynamic access1 access all-permit
# Apply
interface <WAN-side interface>
ip filter ipspoof-block 10 in
ip filter all-deny 20 in
ip filter blaster-block 10 out
ip filter netbios-block 20 out
ip filter access1 30 out
(1/2)
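Added example (not part of the post above, and not router code): a small first-match model of the posted filter policy in Python, so the rule ordering can be checked offline with constructed packets. Everything not in the post is an assumption of the model: the LAN placeholder is filled with 192.168.0.0/24, unmatched packets are denied, and a list attached as a dynamic filter records each permitted outbound 5-tuple so that the reverse tuple is permitted inbound ahead of the static inbound lists. It also shows, via a deliberately misordered chain, why the deny lists must carry a lower priority number than the dynamic permit.

```python
"""First-match model of the posted filter lists (added example, not router code)."""
import ipaddress
from dataclasses import dataclass
from typing import Dict, List, Optional, Tuple

PortRange = Tuple[int, int]
ANY_PORT: PortRange = (0, 65535)


def port(n: int) -> PortRange:
    """'eq n' in the router syntax."""
    return (n, n)


@dataclass(frozen=True)
class Packet:
    proto: str            # "tcp", "udp" or "icmp"
    src: str
    dst: str
    sport: int = 0
    dport: int = 0


@dataclass(frozen=True)
class Rule:
    action: str                      # "permit" or "deny"
    proto: str = "ip"                # "ip" matches every protocol
    src: Optional[str] = None        # CIDR; None means "src any"
    sport: PortRange = ANY_PORT
    dport: PortRange = ANY_PORT

    def matches(self, p: Packet) -> bool:
        if self.proto != "ip" and self.proto != p.proto:
            return False
        if self.src is not None and ipaddress.ip_address(p.src) not in ipaddress.ip_network(self.src):
            return False
        return self.sport[0] <= p.sport <= self.sport[1] and self.dport[0] <= p.dport <= self.dport[1]


class Firewall:
    """One interface with ordered inbound/outbound chains; the first matching rule wins."""

    def __init__(self, lists: Dict[str, List[Rule]], inbound: List[Tuple[int, str]],
                 outbound: List[Tuple[int, str]], dynamic: List[str]):
        self.lists = lists
        self.inbound = [name for _, name in sorted(inbound)]    # "ip filter NAME PRIO in"
        self.outbound = [name for _, name in sorted(outbound)]  # "ip filter NAME PRIO out"
        self.dynamic = set(dynamic)
        self.state: set = set()   # reverse 5-tuples of sessions permitted by a dynamic list

    def _walk(self, chain: List[str], p: Packet):
        for name in chain:
            for rule in self.lists[name]:
                if rule.matches(p):
                    return rule.action, name
        return "deny", None   # assumed default; the posted chains never reach it

    def send(self, p: Packet):
        """Outbound packet (LAN -> WAN)."""
        action, name = self._walk(self.outbound, p)
        if action == "permit" and name in self.dynamic:
            self.state.add((p.proto, p.dst, p.dport, p.src, p.sport))
        return action, name

    def receive(self, p: Packet):
        """Inbound packet (WAN -> LAN); assumed model: dynamic return-state is checked first."""
        if (p.proto, p.src, p.sport, p.dst, p.dport) in self.state:
            return "permit", "access1"
        return self._walk(self.inbound, p)


def build_lists(lan: str = "192.168.0.0/24") -> Dict[str, List[Rule]]:
    """The access lists from the post, transcribed rule for rule (LAN range is assumed)."""
    def both(proto: str, r: PortRange) -> List[Rule]:
        return [Rule("deny", proto, sport=r), Rule("deny", proto, dport=r)]
    lists = {
        "all-permit": [Rule("permit")],
        "all-deny": [Rule("deny")],
        "blaster-block": both("tcp", port(135)) + both("udp", port(135)),
        "ipspoof-block": [Rule("deny", "ip", src=lan)],
        "netbios-block": both("tcp", (137, 139)) + both("udp", (137, 139))
                         + both("tcp", port(445)) + both("udp", port(445)),
    }
    lists["access1"] = lists["all-permit"]   # "ip access-list dynamic access1 access all-permit"
    return lists


def posted_policy() -> Firewall:
    return Firewall(build_lists(), inbound=[(10, "ipspoof-block"), (20, "all-deny")],
                    outbound=[(10, "blaster-block"), (20, "netbios-block"), (30, "access1")],
                    dynamic=["access1"])


def misordered_policy() -> Firewall:
    """Same lists, but the dynamic permit is evaluated before the deny lists."""
    return Firewall(build_lists(), inbound=[(10, "ipspoof-block"), (20, "all-deny")],
                    outbound=[(5, "access1"), (10, "blaster-block"), (20, "netbios-block")],
                    dynamic=["access1"])


def check(fw: Firewall) -> Dict[str, Tuple[str, Optional[str]]]:
    """Constructed sample packets; returns {case: (action, list that decided)}."""
    lan_host, web, attacker = "192.168.0.10", "203.0.113.5", "198.51.100.7"
    out = {}
    out["http_out"] = fw.send(Packet("tcp", lan_host, web, 50000, 80))
    out["http_reply_in"] = fw.receive(Packet("tcp", web, lan_host, 80, 50000))
    out["unsolicited_in"] = fw.receive(Packet("tcp", attacker, lan_host, 40000, 80))
    out["spoofed_src_in"] = fw.receive(Packet("tcp", lan_host, lan_host, 80, 80))  # LAND-style
    out["smb_out"] = fw.send(Packet("tcp", lan_host, web, 50001, 445))
    out["nbns_out"] = fw.send(Packet("udp", lan_host, web, 137, 137))
    out["rpc_out"] = fw.send(Packet("tcp", lan_host, web, 50002, 135))
    return out


if __name__ == "__main__":
    for case, result in check(posted_policy()).items():
        print(f"posted     {case:15s} -> {result}")
    for case, result in check(misordered_policy()).items():
        print(f"misordered {case:15s} -> {result}")
```

With the posted order, outbound SMB/NetBIOS/RPC traffic is denied by the named lists and only the HTTP session plus its reply get through; with access1 at priority 5 the same SMB and RPC packets are permitted because the all-permit rule matches before the deny lists are ever consulted.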