IX2015設定ファイルダンプ

IX2015 設定サンプル

IX2015の設定ファイルコピペ。

設定の方向性:

NAPT環境
不要なパケットは外に出さない
LANからのみtelnet接続可能

	! NEC Portable Internetwork Core Operating System Software
	! IX Series IX2010 (magellan-sec) Software, Version 8.3.44, RELEASE SOFTWARE
	! Compiled Oct 20-Tue-2009 13:28:55 JST #1
	! Current time Jan 05-Tue-2010 14:53:33 JST
	!
	!
	timezone +09 00
	!
	!
	!
	!
	!
	!
	ntp ip enable
	ntp server 133.27.4.121
	ntp server 210.173.160.27
	ntp retry 3
	ntp interval 3600
	!
	!
	!
	!
	!
	ip dhcp enable
	ip access-list all-pass permit ip src any dest any
	ip access-list mynetwork permit ip src 192.168.0.0/24 dest any
	ip access-list specialuse deny ip src 10.0.0.0/8 dest any
	ip access-list specialuse deny ip src 172.16.0.0/12 dest any
	ip access-list specialuse deny ip src 192.168.0.0/16 dest any
	ip access-list specialuse deny ip src 127.0.0.0/8 dest any
	ip access-list specialuse deny ip src 169.254.0.0/16 dest any
	ip access-list specialuse deny ip src 192.0.2.0/24 dest any
	ip access-list specialuse deny ip src 224.0.0.0/3 dest any
	ip access-list specialuse deny ip src 198.18.0.0/15 dest any
	ip access-list strict-block deny tcp src any sport any dest any dport eq 137
	ip access-list strict-block deny udp src any sport any dest any dport eq 137
	ip access-list strict-block deny udp src any sport any dest any dport eq 138
	ip access-list strict-block deny tcp src any sport any dest any dport eq 139
	ip access-list strict-block deny tcp src any sport any dest any dport eq 445
	ip access-list strict-block deny udp src any sport any dest any dport eq 445
	ip access-list weak-block deny tcp src any sport any dest any dport eq 1
	ip access-list weak-block deny udp src any sport any dest any dport eq 1
	ip access-list weak-block deny tcp src any sport any dest any dport eq 11
	ip access-list weak-block deny udp src any sport any dest any dport eq 11
	ip access-list weak-block deny tcp src any sport any dest any dport eq 15
	ip access-list weak-block deny udp src any sport any dest any dport eq 15
	ip access-list weak-block deny tcp src any sport any dest any dport eq 67
	ip access-list weak-block deny tcp src any sport any dest any dport eq 68
	ip access-list weak-block deny tcp src any sport any dest any dport eq 70
	ip access-list weak-block deny udp src any sport any dest any dport eq 70
	ip access-list weak-block deny tcp src any sport any dest any dport eq 79
	ip access-list weak-block deny udp src any sport any dest any dport eq 79
	ip access-list weak-block deny tcp src any sport any dest any dport eq 87
	ip access-list weak-block deny udp src any sport any dest any dport eq 87
	ip access-list weak-block deny tcp src any sport any dest any dport eq 95
	ip access-list weak-block deny udp src any sport any dest any dport eq 95
	ip access-list weak-block deny tcp src any sport any dest any dport eq 111
	ip access-list weak-block deny udp src any sport any dest any dport eq 111
	ip access-list weak-block deny tcp src any sport any dest any dport eq 135
	ip access-list weak-block deny udp src any sport any dest any dport eq 135
	ip access-list weak-block deny tcp src any sport any dest any dport eq 144
	ip access-list weak-block deny udp src any sport any dest any dport eq 144
	ip access-list weak-block deny tcp src any sport any dest any dport eq 161
	ip access-list weak-block deny udp src any sport any dest any dport eq 161
	ip access-list weak-block deny tcp src any sport any dest any dport eq 162
	ip access-list weak-block deny udp src any sport any dest any dport eq 162
	ip access-list weak-block deny tcp src any sport any dest any dport eq 177
	ip access-list weak-block deny udp src any sport any dest any dport eq 177
	ip access-list weak-block deny tcp src any sport any dest any dport eq 220
	ip access-list weak-block deny udp src any sport any dest any dport eq 220
	ip access-list weak-block deny tcp src any sport any dest any dport eq 445
	ip access-list weak-block deny udp src any sport any dest any dport eq 445
	ip access-list weak-block deny tcp src any sport any dest any dport eq 512
	ip access-list weak-block deny udp src any sport any dest any dport eq 512
	ip access-list weak-block deny tcp src any sport any dest any dport eq 513
	ip access-list weak-block deny udp src any sport any dest any dport eq 513
	ip access-list weak-block deny tcp src any sport any dest any dport eq 514
	ip access-list weak-block deny udp src any sport any dest any dport eq 514
	ip access-list weak-block deny tcp src any sport any dest any dport eq 515
	ip access-list weak-block deny udp src any sport any dest any dport eq 515
	ip access-list weak-block deny tcp src any sport any dest any dport eq 517
	ip access-list weak-block deny udp src any sport any dest any dport eq 517
	ip access-list weak-block deny tcp src any sport any dest any dport eq 518
	ip access-list weak-block deny udp src any sport any dest any dport eq 518
	ip access-list weak-block deny tcp src any sport any dest any dport eq 520
	ip access-list weak-block deny udp src any sport any dest any dport eq 520
	ip access-list weak-block deny tcp src any sport any dest any dport eq 540
	ip access-list weak-block deny udp src any sport any dest any dport eq 540
	ip access-list weak-block deny tcp src any sport any dest any dport eq 1025
	ip access-list weak-block deny udp src any sport any dest any dport eq 1025
	ip access-list weak-block deny tcp src any sport any dest any dport eq 2000
	ip access-list weak-block deny udp src any sport any dest any dport eq 2000
	ip access-list weak-block deny tcp src any sport any dest any dport eq 2049
	ip access-list weak-block deny udp src any sport any dest any dport eq 2049
	ip access-list weak-block deny tcp src any sport any dest any dport eq 2766
	ip access-list weak-block deny udp src any sport any dest any dport eq 2766
	ip access-list weak-block deny tcp src any sport any dest any dport range 6000 6063
	ip access-list weak-block deny udp src any sport any dest any dport range 6000 6063
	ip access-list weak-block deny tcp src any sport any dest any dport eq 12345
	ip access-list weak-block deny udp src any sport any dest any dport eq 12345
	ip filter forced-reassembly
	!
	!
	!
	!
	!
	!
	!
	dns cache enable
	!
	proxy-dns ip enable
	proxy-dns server 8.8.8.8 priority 200
	proxy-dns server 8.8.4.4
	proxy-dns ipv6 enable
	!
	telnet-server ip enable
	telnet-server ip access-list mynetwork
	!
	!
	!
	!
	!
	!
	!
	!
	!
	ip dhcp profile lan
	assignable-range 192.168.0.100 192.168.0.254
	subnet-mask 255.255.255.0
	dns-server 192.168.0.1
	!
	device FastEthernet0/0
	!
	device FastEthernet0/1
	!
	device FastEthernet1/0
	!
	device BRI1/0
	isdn switch-type hsd128k
	!
	interface FastEthernet0/0.0
	ip address 192.168.0.1/24
	ip dhcp binding lan
	ipv6 address autoconfig
	no shutdown
	!
	interface FastEthernet0/1.0
	ip address dhcp receive-default
	ip napt enable
	ip filter strict-block 1 in
	ip filter weak-block 100 in
	ip filter specialuse 101 in
	ip filter all-pass 65000 in
	ip filter strict-block 1 out
	ip filter mynetwork 50 out
	ip filter weak-block 100 out
	ip filter specialuse 101 out
	ip filter all-pass 65000 out
	ipv6 address autoconfig
	no shutdown
	!
	interface FastEthernet1/0.0
	no ip address
	shutdown
	!
	interface BRI1/0.0
	encapsulation ppp
	no auto-connect
	no ip address
	shutdown
	!
	interface Loopback0.0
	no ip address
	!
	interface Null0.0
	no ip address

view raw gistfile1.txt hosted with ❤ by GitHub

IX2015設定ファイルダンプ

カテゴリ別人気記事

Comments