Configuration of a Firewall-HUAWEI

********Firewall Configuration*********

To add IP address 192.168.10.18 to the firewall blacklist with the aging time of 100 min, do as follows:

OLT(config)#firewall blacklist item 192.168.10.18 timeout 100    
OLT(config)#firewall blacklist enable

To add the IP addresses in network segment 10.10.10.0 to the firewall blacklist and bind ACL 3000 to these IP addresses, do as follows:

OLT(config)#acl 3000 
OLT(config-acl-adv-3000)#rule deny ip source 10.10.10.0 0.0.0.255 destination
 10.10.10.20 0 
OLT(config-acl-adv-3000)#quit 
OLT(config)#firewall blacklist enable acl-number 3000

To deny the users in network segment 172.16.25.0 to access the maintenance Ethernet port with IP address 172.16.25.28 on the device, do as follows:

OLT(config)#acl 3001
OLT(config-acl-adv-3001)#rule 5 deny icmp source 172.16.25.0 0.0.0.255 destin
ation 172.16.25.28 0  
OLT(config-acl-adv-3001)#quit 
OLT(config)#firewall enable
OLT(config)#interface meth 0
OLT(config-if-meth0)#firewall packet-filter 3001 inbound 
 ACL applied successfully

                                   *******END*******

Be the first to comment

Leave a Reply

Your email address will not be published.


*


For security, use of Google's reCAPTCHA service is required which is subject to the Google Privacy Policy and Terms of Use.

I agree to these terms.