Adding IP Access on Quidway Eudemon Series Firewalls

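Posted by guyuanli on 2010-08-26
Quidway Eudemon series firewalls
This example adds the local machine's IP, 173.6.8.164, so that it can access the real-time database directly.
Steps:
1. Consult the network circuit diagram to confirm that the traffic passes through the firewall at 10.248.2.188, then telnet to this firewall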

#telnet 10.248.2.188
HRP_M<Eudemon_1>su 3
Password
2. Enter system view
HRP_M<Eudemon_1>system-view
Enter system view , return user view with Ctrl+Z.
3. View which access control lists exist
HRP_M[Eudemon_1]display current-configuration
#
acl number 3001
description su
rule 1 permit ip source 173.6.8.180 0 destination 10.248.2.0 0.0.0.63
rule 2 permit ip source 173.6.8.163 0 destination 10.248.2.0 0.0.0.63
rule 3 permit ip source 173.6.8.174 0 destination 10.248.2.0 0.0.0.63
rule 4 permit ip source 173.6.8.153 0 destination 10.248.2.0 0.0.0.63
rule 5 permit ip source 173.6.8.168 0 destination 10.248.2.0 0.0.0.63
rule 6 permit ip source 173.6.8.164 0 destination 10.248.2.0 0.0.0.63
rule 10 deny ip source 173.6.8.0 0.0.0.255 destination 10.248.2.0 0.0.0.63
rule 15 permit ip
acl number 3002
#
4. Enter ACL 3001
HRP_M[Eudemon_1]acl 3001
HRP_M[Eudemon_1-acl-adv-3001]
5. View ACL 3001 (permit = allow, deny = block)
HRP_M[Eudemon_1-acl-adv-3001]display this
#
acl number 3001
description su
rule 1 permit ip source 173.6.8.180 0 destination 10.248.2.0 0.0.0.63
rule 2 permit ip source 173.6.8.163 0 destination 10.248.2.0 0.0.0.63
rule 3 permit ip source 173.6.8.174 0 destination 10.248.2.0 0.0.0.63
rule 4 permit ip source 173.6.8.153 0 destination 10.248.2.0 0.0.0.63
rule 5 permit ip source 173.6.8.168 0 destination 10.248.2.0 0.0.0.63
rule 6 permit ip source 173.6.8.164 0 destination 10.248.2.0 0.0.0.63
rule 10 deny ip source 173.6.8.0 0.0.0.255 destination 10.248.2.0 0.0.0.63
rule 15 permit ip
#
return
HRP_M[Eudemon_1-acl-adv-3001]
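6. To block or allow 173.6.8.164, use the following commands. They take effect immediately, but after a reboot the device reverts to its original state
HRP_M[Eudemon_1-acl-adv-3001]undo rule 6 -- remove this entry
HRP_M[Eudemon_1-acl-adv-3001]rule 6 permit ip source 173.6.8.164 0 destination 10.248.2.0 0.0.0.63 -- add this entry to permit this IP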
7. Save, after returning to the > prompt
HRP_M[Eudemon_1-acl-adv-3001]quit
HRP_M[Eudemon_1]quit
HRP_M<Eudemon_1>save
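
To check what a change to ACL 3001 will do before typing it on the firewall, the rule list from step 5 can be evaluated offline. The following is an added example, not part of the original post: it parses the rules shown above and returns the first rule that matches a source/destination pair. It assumes the ACL uses config match order (ascending rule ID, first match wins), which is why the host permit has to be numbered below the `rule 10` deny; the function names are illustrative.

```python
import ipaddress
import re

# ACL 3001 exactly as printed by "display this" on the page.
ACL_3001 = """\
rule 1 permit ip source 173.6.8.180 0 destination 10.248.2.0 0.0.0.63
rule 2 permit ip source 173.6.8.163 0 destination 10.248.2.0 0.0.0.63
rule 3 permit ip source 173.6.8.174 0 destination 10.248.2.0 0.0.0.63
rule 4 permit ip source 173.6.8.153 0 destination 10.248.2.0 0.0.0.63
rule 5 permit ip source 173.6.8.168 0 destination 10.248.2.0 0.0.0.63
rule 6 permit ip source 173.6.8.164 0 destination 10.248.2.0 0.0.0.63
rule 10 deny ip source 173.6.8.0 0.0.0.255 destination 10.248.2.0 0.0.0.63
rule 15 permit ip
"""
RULE_RE = re.compile(r"rule (\d+) (permit|deny) ip"
                     r"(?: source (\S+) (\S+))?(?: destination (\S+) (\S+))?$")
ANY = (0, 0xFFFFFFFF)  # omitted source/destination matches every address

def to_int(addr):
    return int(ipaddress.IPv4Address(addr))

def spec(addr, wildcard):
    # "0" is the short form of wildcard 0.0.0.0, i.e. a single host.
    if addr is None:
        return ANY
    return (to_int(addr), 0 if wildcard == "0" else to_int(wildcard))

def parse_acl(text):
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rid, action, src, swc, dst, dwc = m.groups()
            rules.append((int(rid), action, spec(src, swc), spec(dst, dwc)))
    return sorted(rules)  # assumed config match order: ascending rule ID

def hit(addr, s):
    care = ~s[1] & 0xFFFFFFFF  # wildcard bits set to 1 are ignored
    return (addr & care) == (s[0] & care)

def evaluate(rules, src, dst):
    """Return (rule_id, action) of the first matching rule."""
    s, d = to_int(src), to_int(dst)
    for rid, action, sspec, dspec in rules:
        if hit(s, sspec) and hit(d, dspec):
            return rid, action
    return None, None  # no rule matched; the device default would apply
```

Note that `rule 15 permit ip` matches everything the earlier rules do not, so any source outside 173.6.8.0/24, and any destination outside 10.248.2.0 to 10.248.2.63, is permitted by this ACL.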

From "ITPUB Blog", link: http://blog.itpub.net/7490392/viewspace-1037422/. If you repost this, please credit the source; otherwise legal liability will be pursued.
