firewall defend udp-flood enable firewall defend smurf enable firewall defend land enable
firewall defend arp-flood enable firewall defend arp-spoofing enable
firewall defend udp-flood base-session max-rate 20000 firewall defend icmp-flood base-session max-rate 255 firewall source-ip detect interface GigabitEthernet0/0/5 firewall source-ip detect interface GigabitEthernet0/0/6
firewall defend icmp-flood interface GigabitEthernet0/0/5 max-rate 200000 firewall defend icmp-flood interface GigabitEthernet0/0/6 max-rate 200000 firewall defend arp-flood interface GigabitEthernet0/0/1 max-rate 50000
自己写的脚本:
ip service-set Tomcat type object
service 0 protocol tcp destination-port 8181 ip service-set Tomcat2 type object
service 0 protocol tcp destination-port 8181 service 1 protocol tcp destination-port 8282 ip service-set Tomcat3 type object
service 0 protocol tcp destination-port 8181 service 1 protocol tcp destination-port 8585 service 2 protocol tcp destination-port 8787
policy interzone untrust trust inbound policy 0 action permit
policy service service-set icmp policy service service-set Tomcat
policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.66 0 policy destination 172.16.4.67 0 policy destination 172.16.4.123 0 policy 1 action permit
policy service service-set ftp policy service service-set icmp
policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.71 0
policy 2 action permit
policy service service-set icmp policy service service-set Tomcat2
policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.72 0
policy 3 action permit
policy service service-set icmp policy service service-set Tomcat3
policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.119 0
firewall defend arp-flood enable //开启arp泛洪功能
华为防火墙配置使用手册(自己写)
