PIX Configuration with Annotations
2007-06-17 12:40:54 Source: WEB开发网
access-list 120 deny udp any any eq netbios-dgm
access-list 120 deny udp any any eq 4444
access-list 120 deny udp any any eq 1205
access-list 120 deny udp any any eq 1209
access-list 120 deny tcp any any eq 445
access-list 120 deny tcp any any range 135 netbios-ssn
access-list 120 permit ip any any
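Create access list 120 to block ICMP traffic between the different network segments and to deny communication on ports such as 135 and 137 (mainly to protect against the Blaster worm).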
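To check what the access-list 120 entries visible on this page actually match, the following added example (not part of the original article or of any Cisco tool) evaluates them top-down with first-match semantics. The named-port table holds the standard keyword values, the parser handles only the any/any form used here, and the sample packets are constructed.

```python
# Added example: first-match evaluation of the access-list 120 entries shown on this page.
# Assumptions: only the "any any" form is parsed; the sample packets below are constructed.
ACL_120 = """\
access-list 120 deny udp any any eq netbios-dgm
access-list 120 deny udp any any eq 4444
access-list 120 deny udp any any eq 1205
access-list 120 deny udp any any eq 1209
access-list 120 deny tcp any any eq 445
access-list 120 deny tcp any any range 135 netbios-ssn
access-list 120 permit ip any any
"""

PORT_NAMES = {"netbios-ns": 137, "netbios-dgm": 138, "netbios-ssn": 139}

def port(token):
    """Resolve a numeric port or a named-port keyword."""
    return int(token) if token.isdigit() else PORT_NAMES[token]

def parse(text):
    """Parse 'access-list N action proto any any [eq P | range LO HI]' lines."""
    rules = []
    for line in text.splitlines():
        f = line.split()
        if len(f) < 6 or f[0] != "access-list" or f[4:6] != ["any", "any"]:
            continue  # only the any/any form used by list 120 is handled
        action, proto, rest = f[2], f[3], f[6:]
        if not rest:
            lo, hi = 0, 65535
        elif rest[0] == "eq":
            lo = hi = port(rest[1])
        elif rest[0] == "range":
            lo, hi = port(rest[1]), port(rest[2])
        else:
            raise ValueError(f"unsupported operator: {line}")
        rules.append((action, proto, lo, hi, line))
    return rules

def evaluate(rules, proto, dport=0):
    """Return (action, matching line): top-down, first match wins, implicit deny at the end."""
    for action, rule_proto, lo, hi, line in rules:
        if rule_proto in ("ip", proto) and lo <= dport <= hi:
            return action, line
    return "deny", "implicit deny"

if __name__ == "__main__":
    rules = parse(ACL_120)
    for proto, dport in [("tcp", 135), ("tcp", 139), ("tcp", 445), ("udp", 138),
                         ("udp", 137), ("icmp", 0), ("tcp", 4444), ("tcp", 80)]:
        print(f"{proto}/{dport:<5}", *evaluate(rules, proto, dport))
```

Over the entries visible here, ICMP, UDP 137 and TCP 4444 all fall through to the final permit ip any any, so any filtering of that traffic would have to come from entries not shown on this page.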
access-list 110 permit ip 192.168.99.0 255.255.255.0 192.168.101.0 255.255.255.0
pager lines 24
logging on
logging monitor debugging
logging buffered debugging
logging trap notifications
mtu outside 1500
mtu inside 1500
mtu dmz 1500
ip address outside 10.1.1.4 255.255.255.224
Set the outside interface address
ip address inside 192.168.1.254 255.255.255.0
Set the inside interface address
ip address dmz 192.168.19.1 255.255.255.0
Set the DMZ interface address
ip audit info action alarm
ip audit attack action alarm
ip local pool hhyy 192.168.170.1-192.168.170.254
Create an address pool named hhyy with the address range 192.168.170.1-192.168.170.254
ip local pool yy 192.168.180.1-192.168.180.254
Create an address pool named yy with the address range 192.168.180.1-192.168.180.254
no failover
failover timeout 0:00:00
failover poll 15
no failover ip address outside
no failover ip address inside
no failover ip address dmz