封锁非法Web站点
互联网上的网站品质良莠不齐,还有很多非法、反动站点。本例即是讲解如何设置过滤器,以达到封锁非法Web站点的目的。
例如,我们想禁止用户访问XXX.XXX.XX.XXX站点,就可以进行如下设置 :
| 1.首先在Menu 21中建立一个过滤项 |
| Menu 21 - Filter Set Configuration Filter Filter Set # Comments Set # Comments 1 Block a Web7 7 2 8 3 9 4 10 5 11 6 12 Enter Filter Set Number to Configure= 0 Edit Comments= Press ENTER to Confirm or ESC to Cancel: |
| 2.然后在过滤项中建立一条过滤规则 |
| Menu 21.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 0 IP Source Route= No Destination: IP Addr= XXX.XXX.XX.XXX IP Mask= 255.255.255.255 Port #= Port # Comp= None Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= Port # Comp= None TCP Estab= N/A More= No Log= None Action Matched= Drop Action Not Matched= Forward Press ENTER to Confirm or ESC to Cancel: |
| 3.最后在Menu 3.1的'Input Filter Set'中激活该过滤项就可以了 |
| Menu 3.1 - General Ethernet Setup Input Filter Sets: protocol filters=1 device filters= Output Filter Sets: protocol filters= device filters= |
| 1.在Menu 21中建立一个过滤项 |
| Menu 21 - Filter Set Configuration Filter Filter Set # Comments Set # Comments 1 Firewall 7 7 2 8 3 9 4 10 5 11 6 12 Enter Filter Set Number to Configure= 0 Edit Comments= Press ENTER to Confirm or ESC to Cancel: |
| 2.分别建立四条过滤规则:Menu 21.1.1,Menu 21.1.2,Menu 21.1.3,…… |
| 规则1:允许ICMP(包括Ping) |
| Menu 21.1.1 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 1 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Forward Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: |
| 规则2:允许UDP端口>1023 |
| Menu 21.1.2 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 1023 Port # Comp= Greater Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Forward Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: |
| 规则3:允许TCP端口>1023 |
| Menu 21.1.3 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 6 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 1023 Port # Comp= Greater Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Forward Action Not Matched= Check Next Rule Press ENTER to Confirm or ESC to Cancel: |
| 规则4:允许DNS请求,阻止所有其它的数据封包 |
| Menu 21.1.5 - TCP/IP Filter Rule Filter #: 1,1 Filter Type= TCP/IP Filter Rule Active= Yes IP Protocol= 17 IP Source Route= No Destination: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 53 Port # Comp= Equal Source: IP Addr= 0.0.0.0 IP Mask= 0.0.0.0 Port #= 0 Port # Comp= None TCP Estab= No More= No Log= None Action Matched= Forward Action Not Matched= Drop Press ENTER to Confirm or ESC to Cancel: |
| 3.最后,在Menu 3.1的'Input Filter Set'中激活该过滤项就可以了 |
| Menu 3.1 - General Ethernet Setup Input Filter Sets: protocol filters=1 device filters= Output Filter Sets: protocol filters= device filters= |
|