标签:h3c vlan acl
acl number 3300 description GITLAB ACCESS LIMIT rule 50 permit tcp source 192.168.192.0 0.0.0.3 destination 192.168.90.250 0 destination-port eq 389 # 允许其它网段ping 192.x, 禁止192.x ping 其它网段 rule 100 deny icmp source 192.168.192.0 0.0.0.3 destination 192.168.0.0 0.0.255.255 icmp-type echo rule 101 deny icmp source 192.168.192.0 0.0.0.3 destination 172.16.0.0 0.15.255.255 icmp-type echo # 允许其它网段访问 192.x, 禁止192.x 访问其它网段 rule 105 deny tcp ack 0 source 192.168.192.0 0.0.0.3 destination 192.168.0.0 0.0.255.255 rule 106 deny tcp ack 0 source 192.168.192.0 0.0.0.3 destination 172.16.0.0 0.15.255.255 interface Vlan-interface300 description GITLAB ip address 192.168.192.1 255.255.255.252 packet-filter 3300 inbound
标签:h3c vlan acl
原文地址:http://abian.blog.51cto.com/751059/1975996
