Sie sind auf Seite 1von 2

ip access-list extended accesslist_2080

permit tcp 148.85.208.0 0.0.15.255 host 148.85.68.23 eq 2080 27000 27001 27002
27003 27004 27005 27006 27007 27008

ip access-list extended acl_inbound_vlan300_03

permit cp 148.85.208.0 0.0.15.255 host 148.85.68.23 range 2700 2709

permit tcp 148.85.208.0 0.0.15.255 host 148.85.68.23 eq 2080

deny udp any any range 135 netbios-ss


deny tcp any any range 135 139
deny udp any any eq 445
deny tcp any any eq 445
remark - Temporarily permit all other traffic from VLAN 300
remark - (to correct for weird routing problems through
remark - the Five-College router)
permit ip any any

end

ip access-list extended NetregNAT


permit tcp host 148.85.34.11 any eq www
permit tcp host 148.85.34.11 any eq 443
permit tcp host 148.85.34.3 any eq www
permit tcp host 148.85.34.3 any eq 443

ip access-list extended acl_inbound_vlan300_03


remark Traffic inbound from main VLAN (148.85.0.0/16)
remark - Permit traffic from Domain Controllers
remark - (So NETREG machines can log into the domain)
permit ip host 148.85.136.31 any
permit ip host 148.85.136.32 any
permit ip host 148.85.136.33 any
remark - Deny outbound NETBIOS traffic except UMASS/Mimsy
remark - (To help reduce Blaster-type load on 6509 MSFC)
permit udp any 148.85.0.0 0.0.255.255 range 135 netbios-ss
permit tcp any 148.85.0.0 0.0.255.255 range 135 139
permit udp any 148.85.0.0 0.0.255.255 eq 445
permit tcp any 148.85.0.0 0.0.255.255 eq 445
permit udp any host 128.119.166.87 range 135 netbios-ss
permit tcp any host 128.119.166.87 range 135 139
permit udp any host 128.119.166.87 eq 445
permit tcp any host 128.119.166.87 eq 445
deny udp any any range 135 netbios-ss
deny tcp any any range 135 139
deny udp any any eq 445
deny tcp any any eq 445
remark - Temporarily permit all other traffic from VLAN 300
remark - (to correct for weird routing problems through
remark - the Five-College router)
permit ip any any
ip access-list extended acl_inbound_vlan300_04
remark Traffic inbound from main VLAN (148.85.0.0/16)
remark - Permit traffic from Domain Controllers
remark - (So NETREG machines can log into the domain)
permit ip host 148.85.136.31 any
permit ip host 148.85.136.32 any
permit ip host 148.85.136.33 any
remark - Deny outbound NETBIOS traffic except UMASS/Mimsy
remark - (To help reduce Blaster-type load on 6509 MSFC)
permit udp any 148.85.0.0 0.0.255.255 range 135 netbios-ss
permit tcp any 148.85.0.0 0.0.255.255 range 135 139
permit udp any 148.85.0.0 0.0.255.255 eq 445
permit tcp any 148.85.0.0 0.0.255.255 eq 445
permit udp any host 128.119.166.87 range 135 netbios-ss
permit tcp any host 128.119.166.87 range 135 139
permit udp any host 128.119.166.87 eq 445
permit tcp any host 128.119.166.87 eq 445
permit udp any host 128.119.229.26 range 135 netbios-ss
permit tcp any host 128.119.229.26 range 135 139
permit udp any host 128.119.229.26 eq 445
permit tcp any host 128.119.229.26 eq 445
deny udp any any range 135 netbios-ss
deny tcp any any range 135 139
deny udp any any eq 445
deny tcp any any eq 445
remark - Temporarily permit all other traffic from VLAN 300
remark - (to correct for weird routing problems through
remark - the Five-College router)
permit ip any any
ip access-list extended acl_inbound_vlan332_01

Das könnte Ihnen auch gefallen