YAMAHA RT series: how to pass established packets while keeping ports closed

Last update 2011.06.12

login password *
administrator password *
security class 2 off off
console columns 200
console lines infinity
pp line l128

ip filter 1 reject 192.168.0.0/16 * * * *
ip filter 2 reject 172.16.0.0/12 * * * *
ip filter 3 reject 10.0.0.0/8 * * * *
ip filter 4 reject 127.0.0.1 * * * *
ip filter 5 reject 210.145.140.144/28 * * * *

ip filter 10 reject * 210.145.140.145 tcp,udp * 23,80
ip filter 11 reject * 210.145.140.146 tcp,udp * 23

ip filter 30 pass * 210.145.140.146 established * *

ip filter 40 pass 210.145.140.146 * tcp,udp 25,53,80 *

ip filter 50 reject * * udp,tcp * 1,7,11,15,43,67,69,70,79,87
ip filter 51 reject * * udp,tcp * 95,109,111,144,161-162,177,220,512-515,517-518,520
ip filter 52 reject * * udp,tcp * 540,1025,2000,2049,2766,6000-6999,8080
ip filter 53 reject * * udp,tcp * 137-139,445,568-569,1433-1434,1477-1478,1512,1755,1801,2393-2394,2525
ip filter 54 reject * * udp,tcp * 3268-3269,3389,31337
ip filter 55 reject * * udp,tcp * 5631-5632
ip filter 56 reject * * icmp-info * *

ip filter 70 pass-log * 210.145.140.159 * * *
ip filter 71 pass-log * 210.145.140.144 * * *
ip filter 72 pass-log * 210.145.140.145 * * *
ip filter 73 pass * 210.145.140.146 * * *

ip filter 100 pass * * * * *

ip filter source-route on
ip filter directed-broadcast on
ip lan address 210.145.140.145/28
ip lan routing protocol none

pp select leased
ip pp route add net default 1
ip pp secure filter in 1 2 3 4 5 10 11 30 50 51 52 53 54 55 56 70 71 72 73
ip pp secure filter out 1 2 3 4 40 50 51 52 53 54 55 100
pp enable leased

syslog host 210.145.140.146
syslog notice on
dns server 210.145.140.146
dns domain ripe.co.jp
dns syslog resolv on
schedule at */* 04:00 leased ntpdate 210.145.140.146
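The inbound ordering above, as an added example (not part of the original page): a small evaluator that runs constructed packets through filters 10, 11, 30, 52 and 73 in their `ip pp secure filter in` order, to show why filter 30 must come before the port-closing filters. Assumptions: the first matching filter decides, unmatched packets are discarded, `established` is modelled as a TCP segment carrying ACK or RST, and the source 198.51.100.7 is a made-up outside host.

```python
import ipaddress

# Inbound rules copied from the configuration above (subset that decides the sample packets).
RULES = """\
ip filter 10 reject * 210.145.140.145 tcp,udp * 23,80
ip filter 11 reject * 210.145.140.146 tcp,udp * 23
ip filter 30 pass * 210.145.140.146 established * *
ip filter 52 reject * * udp,tcp * 540,1025,2000,2049,2766,6000-6999,8080
ip filter 73 pass * 210.145.140.146 * * *
"""
IN_ORDER = [10, 11, 30, 52, 73]  # same relative order as "ip pp secure filter in"

def parse(text):
    rules = {}
    for line in text.splitlines():
        _, _, num, action, src, dst, proto, sport, dport = line.split()
        rules[int(num)] = (action, src, dst, proto, sport, dport)
    return rules

def addr_ok(spec, addr):
    return spec == "*" or ipaddress.ip_address(addr) in ipaddress.ip_network(spec)

def port_ok(spec, port):
    if spec == "*":
        return True
    ranges = (p.partition("-") for p in spec.split(","))
    return any(int(lo) <= port <= int(hi or lo) for lo, _, hi in ranges)

def proto_ok(spec, pkt):
    if spec == "*":
        return True
    if spec == "established":
        # Modelling assumption: TCP segment carrying ACK or RST.
        return pkt["proto"] == "tcp" and bool({"ACK", "RST"} & pkt["flags"])
    return pkt["proto"] in spec.split(",")

def decide(rules, order, pkt):
    for num in order:  # assumption: first matching filter decides
        action, src, dst, proto, sport, dport = rules[num]
        if (addr_ok(src, pkt["src"]) and addr_ok(dst, pkt["dst"]) and proto_ok(proto, pkt)
                and port_ok(sport, pkt["sport"]) and port_ok(dport, pkt["dport"])):
            return num, action
    return None, "reject"  # assumption: unmatched packets are discarded

def pkt(dst, proto, dport, flags=()):
    # Constructed sample packet from an arbitrary outside host (documentation address).
    return {"src": "198.51.100.7", "dst": dst, "proto": proto,
            "sport": 40000, "dport": dport, "flags": set(flags)}
```

Under this model a UDP datagram to 210.145.140.146 port 1025 is decided by filter 52, because `established` covers TCP only; a TCP segment with ACK to port 23 is still stopped by filter 11, which precedes filter 30.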


Copyright © MURA All rights reserved.