A configuration question about ACLs on Huawei USG devices

#
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone local untrust direction inbound
firewall packet-filter default permit interzone local untrust direction outbound
firewall packet-filter default permit interzone local dmz direction inbound
firewall packet-filter default permit interzone local dmz direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
firewall packet-filter default permit interzone trust dmz direction outbound
firewall packet-filter default permit interzone dmz untrust direction inbound
firewall packet-filter default permit interzone dmz untrust direction outbound
#
nat address-group 1 192.168.0.7 192.168.0.9
nat server protocol tcp global 192.168.0.7 8080 inside 192.168.10.100 www
#
interface Ethernet0/0/0
 ip address 192.168.0.1 255.255.255.0
#
interface Ethernet0/0/1
 ip address 192.168.10.1 255.255.255.0
 dhcp select interface
 dhcp server dns-list 202.102.128.1
 dhcp server expired day 10 hour 10
#
ip address-set shangwang
 address 1 192.168.10.2 0
#
acl number 2000
 step 10
 rule 50 permit source address-set shangwang
#
acl number 3000
 step 10
 rule 50 permit tcp destination 192.168.10.100 0 destination-port eq www
#
firewall zone trust
 set priority 85
 add interface Ethernet0/0/1
#
firewall zone untrust
 set priority 5
 add interface Ethernet0/0/0
#
firewall interzone trust untrust
 packet-filter 3000 inbound
 packet-filter 2000 outbound
 nat outbound 2000 address-group 1

Why can a PC connected behind 0/0/1 ping the address of interface 0/0/0? The firewall rules are not being hit. What is the cause?

Answer 1  2014-10-16
The firewall permits by default; the ACL rules only take effect once a deny-all rule is added at the end.
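An added example, not part of the original post or of any Huawei tooling: a small Python audit that reads configuration text in the form posted in the question and reports the two conditions the first answer points to, namely zone pairs left on `default permit` with no ACL applied, and applied ACLs that contain no `deny` rule. The function name `audit` and the finding labels are hypothetical, the sample is a constructed subset of the posted lines, and the script only inspects the text of the commands; it does not model how the device evaluates traffic.

```python
import re
from collections import defaultdict

# Constructed sample: a subset of the configuration lines posted in the question.
SAMPLE_CONFIG = """\
firewall packet-filter default permit interzone local trust direction inbound
firewall packet-filter default permit interzone local trust direction outbound
firewall packet-filter default permit interzone trust dmz direction inbound
acl number 2000
 rule 50 permit source address-set shangwang
acl number 3000
 rule 50 permit tcp destination 192.168.10.100 0 destination-port eq www
firewall interzone trust untrust
 packet-filter 3000 inbound
 packet-filter 2000 outbound
"""

DEFAULT_RE = re.compile(r"firewall packet-filter default (permit|deny) "
                        r"interzone (\S+) (\S+) direction (inbound|outbound)")

def audit(config):
    """Return findings as tuples: (label, zone pair, direction[, ACL number])."""
    defaults = {}                   # (zone pair, direction) -> default action
    acl_rules = defaultdict(list)   # ACL number -> actions of its rules
    applied = {}                    # (zone pair, direction) -> applied ACL number
    acl = pair = None               # which block the current line belongs to
    for raw in config.splitlines():
        line = raw.strip()
        if m := DEFAULT_RE.fullmatch(line):
            defaults[(frozenset(m.group(2, 3)), m.group(4))] = m.group(1)
        elif m := re.fullmatch(r"acl number (\d+)", line):
            acl, pair = m.group(1), None
        elif m := re.fullmatch(r"firewall interzone (\S+) (\S+)", line):
            pair, acl = frozenset(m.group(1, 2)), None
        elif acl and (m := re.match(r"rule \d+ (permit|deny)\b", line)):
            acl_rules[acl].append(m.group(1))
        elif pair and (m := re.fullmatch(r"packet-filter (\d+) (inbound|outbound)", line)):
            applied[(pair, m.group(2))] = m.group(1)
    findings = []
    for (zones, direction), action in defaults.items():
        # Default permit with no ACL bound to this zone pair and direction.
        if action == "permit" and (zones, direction) not in applied:
            findings.append(("default-permit-no-acl", tuple(sorted(zones)), direction))
    for (zones, direction), number in applied.items():
        # An applied ACL that never denies anything filters nothing by itself.
        if "deny" not in acl_rules[number]:
            findings.append(("acl-without-deny", tuple(sorted(zones)), direction, number))
    return findings
```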
Answer 2  2011-09-11
Huawei phones really do have a lot of problems; it is all Huawei's fault.
Answer 3  2011-09-10
I don't know.