当前位置：首页 > 华为防火墙配置使用手册（自己写）

华为防火墙配置使用手册（自己写）

62 次阅读
3 次下载
2026/4/28 1:58:16

移动策略的优先级：域间或者域内视图下。

policy move policy-id1 { before | after } policy-id2命令用来移动策略优先级，比如policy move 2 before 4 ，before就是指将policy-id1的优先级调整到policy-id2之前，after指的是将policy-id1的优先级调整到policy-id2之后。

firewall statistic system enable //开启报文的统计功能，缺省情况下，系统级的流量统计和监

控功能开启。 Web管理端口配置 web-manager enable

web-manager enable port 8099

web-manager security enable //开启https管理功能 web-manager security enable port 8443 undo web-manager config-guide enable

telnet server enable //开启telnet配置功能防火墙“安全防护”里的配置。

firewall defend action alert

firewall defend udp-short-header enable firewall defend port-scan enable firewall defend ip-sweep enable firewall defend teardrop enable firewall defend ip-fragment enable firewall defend tcp-flag enable firewall defend winnuke enable firewall defend fraggle enable firewall defend ping-of-death enable firewall defend udp-flood enable

firewall defend smurf enable firewall defend land enable

firewall defend arp-flood enable firewall defend arp-spoofing enable

firewall defend udp-flood base-session max-rate 20000 firewall defend icmp-flood base-session max-rate 255 firewall source-ip detect interface GigabitEthernet0/0/5 firewall source-ip detect interface GigabitEthernet0/0/6

firewall defend icmp-flood interface GigabitEthernet0/0/5 max-rate 200000 firewall defend icmp-flood interface GigabitEthernet0/0/6 max-rate 200000 firewall defend arp-flood interface GigabitEthernet0/0/1 max-rate 50000

自己写的脚本：

ip service-set Tomcat type object

service 0 protocol tcp destination-port 8181 ip service-set Tomcat2 type object

service 0 protocol tcp destination-port 8181 service 1 protocol tcp destination-port 8282 ip service-set Tomcat3 type object

service 0 protocol tcp destination-port 8181 service 1 protocol tcp destination-port 8585 service 2 protocol tcp destination-port 8787

policy interzone untrust trust inbound policy 0 action permit

policy service service-set icmp policy service service-set Tomcat

policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.66 0 policy destination 172.16.4.67 0 policy destination 172.16.4.123 0 policy 1 action permit

policy service service-set ftp policy service service-set icmp

policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.71 0

policy 2 action permit

policy service service-set icmp

policy service service-set Tomcat2

policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.72 0

policy 3 action permit

policy service service-set icmp policy service service-set Tomcat3

policy source 192.168.200.0 mask 255.255.255.0 policy destination 172.16.4.119 0

firewall defend arp-flood enable //开启arp泛洪功能

搜索更多关于：华为防火墙配置使用手册（自己写）的文档

版权认领

下载文档10.00 元 加入VIP免费下载

推荐下载

本文作者：...

共分享92篇相关文档

文档简介：

移动策略的优先级：域间或者域内视图下。 policy move policy-id1 { before | after } policy-id2命令用来移动策略优先级，比如policy move 2 before 4 ，before就是指将policy-id1的优先级调整到policy-id2之前，after指的是将policy-id1的优先级调整到policy-id2之后。 firewall statistic system enable //开启报文的统计功能，缺省情况下，系统级的流量统计和监控功能开启。 Web管理端口配置 web-manager enable web-manager enable port 8099 web-manager security enable /

华为防火墙配置使用手册（自己写）

相关文档

相关推荐