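# Advanced ACL that isolates the GitLab subnet 192.168.192.0/30 (wildcard 0.0.0.3):
# other segments may reach GitLab, but GitLab may not start sessions towards them.
# The syntax looks like H3C Comware - confirm against the target device.
# Each command is on a single line here; the page had wrapped every rule across
# several lines and split the "icmp-type" keyword.
acl number 3300
 description GITLAB ACCESS LIMIT
 # Exception: GitLab may reach the directory server 192.168.90.250 on TCP/389 (LDAP).
 # This must match before rule 105, which covers the same /16 (assumes the default
 # rule-ID match order - confirm).
 # NOTE(review): 389 is the plain LDAP port; unless the client negotiates StartTLS,
 # bind credentials cross the network unencrypted - verify, or move to LDAPS.
 rule 50 permit tcp source 192.168.192.0 0.0.0.3 destination 192.168.90.250 0 destination-port eq 389
 # Allow other segments to ping 192.x; block 192.x from pinging other segments.
 # Only echo requests are denied, so echo replies from GitLab still pass.
 rule 100 deny icmp source 192.168.192.0 0.0.0.3 destination 192.168.0.0 0.0.255.255 icmp-type echo
 rule 101 deny icmp source 192.168.192.0 0.0.0.3 destination 172.16.0.0 0.15.255.255 icmp-type echo
 # Allow other segments to access 192.x; block 192.x from accessing other segments.
 # "ack 0" matches TCP segments without the ACK flag, i.e. the opening SYN of a
 # connection; replies to connections opened from outside carry ACK and pass.
 # NOTE(review): this is a stateless flag match, not connection tracking. No rule
 # covers UDP or other protocols, and 10.0.0.0/8 is not listed, so that traffic
 # falls through to the device's packet-filter default action - confirm that the
 # default is deny, or add explicit rules, if full isolation is the goal.
 rule 105 deny tcp ack 0 source 192.168.192.0 0.0.0.3 destination 192.168.0.0 0.0.255.255
 rule 106 deny tcp ack 0 source 192.168.192.0 0.0.0.3 destination 172.16.0.0 0.15.255.255
# Gateway interface of the GitLab VLAN. "inbound" filters packets arriving on this
# interface, i.e. traffic sent by the GitLab host towards the rest of the network.
interface Vlan-interface300
 description GITLAB
 ip address 192.168.192.1 255.255.255.252
 packet-filter 3300 inbound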
本文转自 nonono11 51CTO博客,原文链接:http://blog.51cto.com/abian/1975996,如需转载请自行联系原作者