Home | 简体中文 | 繁体中文 | 杂文 | Search | ITEYE 博客 | OSChina 博客 | Facebook | Linkedin | 作品与服务 | Email

第 10 章 Policy

目录

10.1. 策略管理
10.2. OpenSSH
10.3. HTTP
10.4. RemoteDesktop
10.5. PPTP
10.6. DMZ to Untrust (nat src)

10.1. 策略管理

show policy

firewall-> get policy
Total regular policies 24, Default deny.
    ID From     To       Src-address  Dst-address  Service              Action State   ASTLCB
    76 Untrust  Trust    Any          VIP(61.144.~ OpenSSH              Permit enabled -----X
    77 Untrust  Trust    Any          VIP(61.144.~ CTBS                 Permit enabled -----X
    78 Untrust  Trust    Any          VIP(61.144.~ RemoteDesktop        Permit enabled -----X



firewall-> get policy
Total regular policies 23, Default deny.
    76 Untrust  Trust    Any          VIP(61.144.~ OpenSSH              Permit enabled -----X
    78 Untrust  Trust    Any          VIP(61.144.~ RemoteDesktop        Permit enabled -----X
		

Removing policy

		
firewall-> get policy
Total regular policies 24, Default deny.
    ID From     To       Src-address  Dst-address  Service              Action State   ASTLCB
    76 Untrust  Trust    Any          VIP(61.144.~ OpenSSH              Permit enabled -----X
    77 Untrust  Trust    Any          VIP(61.144.~ CTBS                 Permit enabled -----X
    78 Untrust  Trust    Any          VIP(61.144.~ RemoteDesktop        Permit enabled -----X

firewall-> unset policy 77

firewall-> get policy
Total regular policies 23, Default deny.
    76 Untrust  Trust    Any          VIP(61.144.~ OpenSSH              Permit enabled -----X
    78 Untrust  Trust    Any          VIP(61.144.~ RemoteDesktop        Permit enabled -----X
		
		

policy id = 79

set policy id 79
set service "HTTPS"
		

unset service "SSH"
exit
		

comments powered by Disqus