防火墙2

Posted tiamolj

tags:

篇首语:本文由小常识网(cha138.com)小编为大家整理,主要介绍了防火墙2相关的知识,希望对你有一定的参考价值。

技术图片

 

 

 1.

interface GigabitEthernet1/0/1
undo shutdown
ip address 200.1.1.1 255.255.255.0

interface GigabitEthernet1/0/4
undo shutdown
ip address 169.254.43.1 255.255.255.0

service-manage enable  #进入到管理模式

service-manage all permit  #允许所有

(service-manage http permit
  service-manage https permit
  service-manage ping permit
  service-manage ssh permit
  service-manage snmp permit
  service-manage telnet permit)

firewall zone local
set priority 100
#
firewall zone trust
set priority 85
add interface GigabitEthernet0/0/0
add interface GigabitEthernet1/0/2
add interface GigabitEthernet1/0/4
#
firewall zone untrust
set priority 5
add interface GigabitEthernet1/0/3
#
firewall zone dmz
set priority 50
add interface GigabitEthernet1/0/1

security-policy
rule name permit_trust_dmz
source-zone trust
destination-zone dmz
service http
service icmp
action permit

2.

[FW1]security-policy       #安全策略
[FW1-policy-security]rule name permit_telnet    #安全策略名字
[FW1-policy-security-rule-permit_telnet]source-zone trust    #配置安全策略源区域trust
[FW1-policy-security-rule-permit_telnet]destination-zone local  
[FW1-policy-security-rule-permit_telnet]action permit #允许trust区域访问防火墙本地区域local

[FW1]user-interface vty 0 4  #配置vty,允许5个终端使用telnet功能

[FW1-ui-vty0-4]authentication-mode aaa  配置telnet使用aaa身份验证

[FW1-ui-vty0-4]protocol inbound telnet    允许aaa验证telnet

[FW1]aaa  进入aaa验证

[FW1-aaa]manager-user benet

[FW1-aaa-manager-user-lj]password cipher lj@12345  

[FW1-aaa-manager-user-lj]service-type telnet   aaa给telnet提供验证功能

[FW1-aaa-manager-user-lj]level 15  设置telnet账户li为管理员权限

#“0”是参观级别,啥都做不了;“1”是监控级别,可以查看相关配置;“2”为配置级别,可以配置部分参数;“3-15”是管理级别,拥有最大的权限

技术图片

 

 

 技术图片

 

ssh:

[FW1]security-policy
[FW1-policy-security]rule name permit_ssh
[FW1-policy-security-rule-permit_ssh]source-zone trust
[FW1-policy-security-rule-permit_ssh]destination-zone local
[FW1-policy-security-rule-permit_ssh]action permit

[FW1]rsa local-key-pair create   #设置ssh密钥对,最长2048

The key name will be: FW1_Host
The range of public key size is (2048 ~ 2048).
NOTES: If the key modulus is greater than 512,
it will take a few minutes.
Input the bits in the modulus[default = 2048]:2048
Generating keys...
.+++++
........................++
....++++
...........++

[FW1]user-interface vty 0 4
[FW1-ui-vty0-4]authentication-mode aaa

[FW1-ui-vty0-4]protocol inbound ssh

[FW1]ssh user ljssh

[FW1]ssh user ljssh authentication-type password  #使用密码验证

[FW1]ssh user ljssh service-type stelnet
[FW1]aaa

[FW1-aaa]manager-user ljssh      #AAA验证用户名

[FW1-aaa-manager-user-ljssh]password cipher lj@12345
Info: You are advised to config on man-machine mode.
[FW1-aaa-manager-user-ljssh]service-type ssh#AAA给ssh提供验证

[FW1-aaa-manager-user-ljssh]level 15  #设置ssh验证账户为管理员

[FW1]stelnet server enable  #开启ssh

技术图片

 

 

 

 技术图片

 

 

 

web:

[FW1]security-policy
[FW1-policy-security]rule name permit_web
[FW1-policy-security-rule-permit_web]source-zone trust
[FW1-policy-security-rule-permit_web]destination-zone local
[FW1-policy-security-rule-permit_web]action permit

[FW1]web-manager enable

[FW1]aaa

[FW1-aaa]manager-user web #配置验证账户名为web

[FW1-aaa-manager-user-ljweb]password

Enter Password:  输入密码

Confirm Password: 重新输入
[FW1-aaa-manager-user-ljweb]service-type web
[FW1-aaa-manager-user-ljweb]level 15

技术图片

 

以上是关于防火墙2的主要内容,如果未能解决你的问题,请参考以下文章

centos7.2防火墙为啥关不了

Linux中的防火墙netfilter/iptables 简介

系统安全之防火墙

linux-iptables防火墙

Ubuntu防火墙使用

防火墙知识点详解