Lab requirements:
1. Referring to the topology shown above, complete the following:
1) Configure the IP address of each device
2) Configure ZBFW: Inside-1 and Inside-2 belong to the inside zone, Outside-1 belongs to the outside zone. Once an interface is placed in a zone, traffic to any other zone is dropped until a service-policy is attached to the matching zone-pair; traffic between the two inside interfaces (same zone) and traffic to or from the router itself (the implicit self zone) is still permitted by default.
zone security inside
zone security outside
zone-pair security in-2-out source inside destination outside
zone-pair security out-2-in source outside destination inside
interface FastEthernet0/0
 ip address 10.1.1.10 255.255.255.0
 zone-member security inside
!
interface FastEthernet1/0
 ip address 202.100.1.10 255.255.255.0
 zone-member security outside
!
interface FastEthernet2/0
 ip address 192.168.1.10 255.255.255.0
 zone-member security inside
Test:
3) Inspect outbound TCP/UDP/ICMP/DNS traffic. Return traffic for inspected sessions is allowed back through out-2-in automatically; anything that matches no class falls into class-default and is dropped.
class-map type inspect match-any in-out-any
 match protocol tcp
 match protocol udp
 ! icmp is required by 3); ftp next to the generic tcp match enables FTP application inspection (data-channel pinholes)
 match protocol icmp
 match protocol ftp
 match protocol dns
policy-map type inspect outbound
 class type inspect in-out-any
  inspect
 class class-default
  drop
zone-pair security in-2-out source inside destination outside
 service-policy type inspect outbound
Test:
4) Police inbound ICMP to 9000 bps with a 1 MB burst. In a type inspect policy-map, police is only accepted in a class that also has inspect; rate is in bits per second and burst is in bytes, so a 1 MB burst is burst 1000000 (burst 1000 would be only 1000 bytes).
class-map type inspect match-all inbound
 match protocol icmp
policy-map type inspect inbound
 class type inspect inbound
  inspect
  ! rate in bps, burst in bytes
  police rate 9000 burst 1000000
 class class-default
  drop
zone-pair security out-2-in source outside destination inside
 service-policy type inspect inbound
Test:
5) Inspect Telnet/SSH traffic within the inside zone. A zone-pair whose source and destination are the same zone needs an IOS release with intra-zone support (15.0(1)M and later); without it, inside-to-inside traffic between Fa0/0 and Fa2/0 is simply permitted. Once this policy is attached, the class-default drop means every other protocol between the two inside interfaces is blocked.
class-map type inspect match-any in-in
 match protocol telnet
 match protocol ssh
policy-map type inspect in-in
 class type inspect in-in
  inspect
 class class-default
  drop
zone-pair security in-in source inside destination inside
 service-policy type inspect in-in
Test:
6) Inspect Telnet traffic inbound to the self zone. Traffic to and from the router's own addresses belongs to the implicit self zone and is permitted by default; this zone-pair only covers inside -> self, so the router still accepts Telnet (and everything else) from the outside zone unless an outside -> self zone-pair is also configured. Because class-default drops, all other traffic from inside hosts to the router (SSH, ICMP, routing-protocol packets from inside neighbours, and Telnet to 192.168.1.10, which the ACL does not list) is blocked by this policy.
ip access-list extended in-self
 permit tcp any host 202.100.1.10 eq telnet
 permit tcp any host 10.1.1.10 eq telnet
class-map type inspect match-any telnet
 match access-group name in-self
policy-map type inspect telnet
 class type inspect telnet
  inspect
 class class-default
  drop
zone-pair security in-self source inside destination self
 service-policy type inspect telnet
Test:
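To make the default behaviours behind requirements 2) to 6) concrete, the following is an added example (not part of the original lab and not Cisco code): a small Python model of how ZBFW decides the fate of a flow, loaded with this lab's zones, zone-pairs, class-maps and policy-maps. It assumes the standard IOS ZBFW defaults (inter-zone traffic dropped without a policy, intra-zone and self-zone traffic permitted by default, a zoned and an unzoned interface unable to exchange traffic). The shortened interface names, the `TRANSPORT` table (generic tcp/udp matches also catch application protocols; DNS treated as UDP), the `inspect+police` label and the approximation of the ACL-based class as "telnet only" are assumptions of this example.

```python
"""Model of Cisco IOS ZBFW flow decisions, populated with this lab's config.
Assumed defaults (this is a model, not verified against a router): inter-zone
traffic is dropped unless the zone-pair has a service-policy; intra-zone
traffic and traffic to/from the router's own 'self' zone are permitted unless
a zone-pair with a policy covers them; a zoned and an unzoned interface cannot
exchange traffic."""
from dataclasses import dataclass

SELF = "self"  # implicit zone for traffic sourced by or destined to the router

# Application protocols that a generic transport match (tcp/udp) also catches.
# DNS is treated as UDP here for simplicity (assumption).
TRANSPORT = {"telnet": "tcp", "ssh": "tcp", "ftp": "tcp", "http": "tcp", "dns": "udp"}


@dataclass(frozen=True)
class ClassMap:
    protocols: frozenset  # from 'match protocol' (or the ports an ACL permits)

    def matches(self, proto: str) -> bool:
        return proto in self.protocols or TRANSPORT.get(proto) in self.protocols


@dataclass(frozen=True)
class PolicyMap:
    classes: tuple          # ((class-map name, action), ...) in configured order
    default: str = "drop"   # action under 'class class-default'


@dataclass
class Zbfw:
    zone_of: dict      # interface -> zone ('zone-member security')
    zone_pairs: dict   # (src zone, dst zone) -> policy-map name (None = no service-policy)
    class_maps: dict
    policy_maps: dict

    def _zone(self, endpoint: str):
        return SELF if endpoint == SELF else self.zone_of.get(endpoint)

    def decide(self, src: str, dst: str, proto: str):
        """Return (action, reason) for a flow initiated at src towards dst."""
        sz, dz = self._zone(src), self._zone(dst)
        if sz is None or dz is None:
            other = dz if sz is None else sz
            if other is None or other == SELF:
                return ("pass", "unzoned interface talking to self or another unzoned interface")
            return ("drop", "a zoned and an unzoned interface cannot exchange traffic")
        policy = self.zone_pairs.get((sz, dz))
        if policy is None:  # no zone-pair, or a zone-pair without service-policy
            if sz == dz:
                return ("pass", f"intra-zone {sz} traffic is permitted by default")
            if SELF in (sz, dz):
                return ("pass", "self-zone traffic is permitted by default")
            return ("drop", f"no policy on zone-pair {sz}->{dz}")
        pm = self.policy_maps[policy]
        for cmap_name, action in pm.classes:  # first matching class wins
            if self.class_maps[cmap_name].matches(proto):
                return (action, f"policy-map {policy} class {cmap_name}")
        return (pm.default, f"policy-map {policy} class-default")


# The lab as configured above (interface names shortened, constructed data).
LAB = Zbfw(
    zone_of={"Fa0/0": "inside", "Fa1/0": "outside", "Fa2/0": "inside"},
    zone_pairs={
        ("inside", "outside"): "outbound",
        ("outside", "inside"): "inbound",
        ("inside", "inside"): "in-in",
        ("inside", SELF): "telnet",
        # no (outside, self) pair: the router accepts anything from outside
    },
    class_maps={
        "in-out-any": ClassMap(frozenset({"tcp", "udp", "icmp", "ftp", "dns"})),
        "inbound": ClassMap(frozenset({"icmp"})),
        "in-in": ClassMap(frozenset({"telnet", "ssh"})),
        "telnet": ClassMap(frozenset({"telnet"})),  # ACL in-self permits tcp/23 only
    },
    policy_maps={
        "outbound": PolicyMap((("in-out-any", "inspect"),)),
        "inbound": PolicyMap((("inbound", "inspect+police"),)),  # inspect, then police
        "in-in": PolicyMap((("in-in", "inspect"),)),
        "telnet": PolicyMap((("telnet", "inspect"),)),
    },
)

# Flows a tester would try from each zone, including the ones the lab leaves open.
FLOWS = [
    ("Fa0/0", "Fa1/0", "http"), ("Fa1/0", "Fa0/0", "http"), ("Fa1/0", "Fa0/0", "icmp"),
    ("Fa0/0", "Fa2/0", "ssh"), ("Fa0/0", "Fa2/0", "http"),
    ("Fa0/0", SELF, "telnet"), ("Fa0/0", SELF, "ssh"), ("Fa1/0", SELF, "telnet"),
    ("Fa3/0", "Fa0/0", "tcp"),  # an interface that was never put in a zone
]


def report(fw: Zbfw = LAB, flows=FLOWS) -> dict:
    """Map each (src, dst, proto) to its (action, reason)."""
    return {flow: fw.decide(*flow) for flow in flows}


if __name__ == "__main__":
    for (src, dst, proto), (action, why) in report().items():
        print(f"{src:>6} -> {dst:<6} {proto:<7} {action:<14} {why}")
```

Running the script prints one line per flow; the two worth staring at are Telnet from Fa1/0 to self, which passes because no outside -> self zone-pair exists, and HTTP between Fa0/0 and Fa2/0, which the intra-zone policy's class-default drops even though both interfaces are in the inside zone.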