ISDN路由器的高级设置(2)

chanmi

封锁非法Web站点
互联网上的网站品质良莠不齐，还有很多非法、反动站点。本例即是讲解如何设置过滤器，以达到封锁非法Web站点的目的。
例如，我们想禁止用户访问XXX.XXX.XX.XXX站点，就可以进行如下设置 ：
1．首先在Menu 21中建立一个过滤项  
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
1 Block a Web7 7
2 8
3 9
4 10
5 11
6 12
Enter Filter Set Number to Configure= 0
Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
2．然后在过滤项中建立一条过滤规则  
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 0 IP Source Route= No
Destination: IP Addr= XXX.XXX.XX.XXX
IP Mask= 255.255.255.255
Port #=
Port # Comp= None
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #=
Port # Comp= None
TCP Estab= N/A
More= No Log= None
Action Matched= Drop
Action Not Matched= Forward
Press ENTER to Confirm or ESC to Cancel:
3．最后在Menu 3．1的＇Input Filter Set＇中激活该过滤项就可以了  
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=1
device filters=
Output Filter Sets:
protocol filters=
device filters=
http://www.jiancenj.com/x/forum.php?mod=viewthread&tid=76237&extra=page%3D1

chanmi

设置防火墙
P100IH具有简单的防火墙功能，通过对数据封包的过滤，可以阻挡来自互联网上黑客的攻击。简单的防火墙的端口设置如下：
· 允许 ARP、ICMP、Ping；
· 允许 TCP、UDP ＞ 1023的传输端口；
· 允许 HTTP、SMTP、MNTP、DNS；
· 阻止其它任何来自于Internet的数据包。
设置过滤器过程如下：
1．在Menu 21中建立一个过滤项  
Menu 21 - Filter Set Configuration
Filter Filter
Set # Comments Set # Comments
1 Firewall 7 7
2 8
3 9
4 10
5 11
6 12
Enter Filter Set Number to Configure= 0
　 Edit Comments=
Press ENTER to Confirm or ESC to Cancel:
2．分别建立四条过滤规则：Menu 21．1．1，Menu 21．1．2，Menu 21．1．3，……  
规则1：允许ICMP（包括Ping）  
Menu 21.1.1 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 1 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
规则2：允许UDP端口＞1023  
Menu 21.1.2 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 1023
Port # Comp= Greater
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
规则3：允许TCP端口＞1023  
Menu 21.1.3 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 6 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 1023
Port # Comp= Greater
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Check Next Rule
Press ENTER to Confirm or ESC to Cancel:
规则4：允许DNS请求，阻止所有其它的数据封包  
Menu 21.1.5 - TCP/IP Filter Rule
Filter #: 1,1
Filter Type= TCP/IP Filter Rule
Active= Yes
IP Protocol= 17 IP Source Route= No
Destination: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 53
Port # Comp= Equal
Source: IP Addr= 0.0.0.0
IP Mask= 0.0.0.0
Port #= 0
Port # Comp= None
TCP Estab= No
More= No Log= None
Action Matched= Forward
Action Not Matched= Drop
Press ENTER to Confirm or ESC to Cancel:
以上4条过滤规则的汇总选单Menu 21，如下所示：
3．最后，在Menu 3．1的＇Input Filter Set＇中激活该过滤项就可以了  
Menu 3.1 - General Ethernet Setup
Input Filter Sets:
protocol filters=1
device filters=
Output Filter Sets:
protocol filters=
device filters=

lovehebe101010