华三交换机怎么关闭高危端口

Posted 2023-03-31

参考技术A 华为设备接口视图
华为设备接口视图_勒索病毒，华为/H3C三层交换机用ACL端口禁用高危端口

兔乱扔
原创
关注
1点赞·3175人阅读
华为

#
acl number 3100 //创建ALC控制规则
rule 5 deny tcp destination-port eq 445 //禁止TCP 445端口数据
rule 10 deny tcp destination-port eq 135
rule 15 deny tcp destination-port eq 137
rule 20 deny tcp destination-port eq 138
rule 25 deny tcp destination-port eq 139
rule 30 deny udp destination-port eq 445
rule 35 deny udp destination-port eq 135
rule 40 deny udp destination-port eq 137
rule 45 deny udp destination-port eq 138
rule 50 deny udp destination-port eq 139

#
traffic classifier anti_wana operator or precedence 5 //创建流分类
if-match acl 3100 //将ACL与流分类关联
#
traffic behavior anti_wana //创建流行为
deny //动作为禁止
statistic enable //使能流量统计(可选)
#
traffic policy anti_wana match-order config //创建流策略
classifier anti_wana behavior anti_wana //将流分类和流行为进行关联

[全局视图]
traffic-policy anti_wana global inbound //全局应用入方向流策略
traffic-policy anti_wana global outbound //全局应用出方向流策略

[接口视图] //也可以根据使用接口在接口上应用相关流策略
traffic-policy anti_wana inbound
traffi