刪除 所有策略

rmfilt -v 4 -n all

1、查看所有deny的策略，注意rule no 和端口地址

1,root@ODS_DB1[/tmp/ibmsupt]# lsfilt |grep -p 0.0.0.0

Beginning of IPv4 filter rules.

Rule 242:

Rule action : deny

Source Address : 0.0.0.0

Source Mask : 0.0.0.0

Destination Address : 192.168.10.188

Destination Mask : 255.255.255.255

Source Routing : yes

Protocol : all

Source Port : gt 1023

Destination Port : eq 50000

Scope : both

Direction : both

Logging control : no

Fragment control : all packets

Tunnel ID number : 0

Interface : all

Auto-Generated : no

Expiration Time : 0

Description :

Rule 243:

Rule action : deny

Source Address : 0.0.0.0

Source Mask : 0.0.0.0

Destination Address : 192.168.10.190

Destination Mask : 255.255.255.255

Source Routing : yes

Protocol : all

Source Port : gt 1023

Destination Port : eq 50000

Scope : both

Direction : both

Logging control : no

Fragment control : all packets

Tunnel ID number : 0

Interface : all

Auto-Generated : no

Expiration Time : 0

Description :

Rule 244:

Rule action : deny

Source Address : 0.0.0.0

Source Mask : 0.0.0.0

Destination Address : 192.168.10.190

Destination Mask : 255.255.255.255

Source Routing : yes

Protocol : all

Source Port : gt 1023

Destination Port : eq 23

Scope : both

Direction : both

Logging control : no

Fragment control : all packets

Tunnel ID number : 0

Interface : all

Auto-Generated : no

Expiration Time : 0

Description :

Rule 245:

Rule action : deny

Source Address : 0.0.0.0

Source Mask : 0.0.0.0

Destination Address : 192.168.10.188

Destination Mask : 255.255.255.255

Source Routing : yes

Protocol : all

Source Port : gt 1023

Destination Port : eq 23

Scope : both

Direction : both

Logging control : no

Fragment control : all packets

Tunnel ID number : 0

Interface : all

Auto-Generated : no

Expiration Time : 0

Description :

2 刪除需要deny的策略代碼(注意刪除了一條策略后，會(huì)自動(dòng)向前補(bǔ)一條。如果要?jiǎng)h除需要重新查看后刪除)

2,

root@ODS_DB1[/tmp/ibmsupt]# rmfilt -v 4 -n 242

Filter rule 242 for IPv4 has been removed successfully.

3、添加路由策略 注意IP地址 掩碼 端口

3,

genfilt -v 4 -a P -s 192.168.10.141 -m 255.255.255.255 -d 192.168.10.191 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000

genfilt -v 4 -a P -s 192.168.10.143 -m 255.255.255.255 -d 192.168.10.191 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000

genfilt -v 4 -a P -s 192.168.10.141 -m 255.255.255.255 -d 192.168.10.189 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000

genfilt -v 4 -a P -s 192.168.10.143 -m 255.255.255.255 -d 192.168.10.189 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000

4、添加 deny 路由規(guī)則和端口

4,

genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 192.168.10.191 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000

genfilt -v 4 -a D -s 0.0.0.0 -m 0.0.0.0 -d 192.168.10.189 -M 255.255.255.255 -o gt -p 1023 -O eq -P 50000

5、更新路由規(guī)則

5,

mkfilt -v 4 -u

6、查看時(shí)候生效(包含deny)

6,

lsfilt |grep -p 192.168.10.141

lsfilt |grep -p 0.0.0.0

121 permit 192.168.10.0 255.255.255.224 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none

122 permit 192.168.10.245 255.255.255.255 136.5.9.51 255.255.255.255 yes all gt 1023 eq 2201 both both no all packets 0 all 0 none

123 deny 0.0.0.0 0.0.0.0 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none

121 permit 192.168.10.0 255.255.255.224 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none

122 permit 192.168.10.245 255.255.255.255 136.5.9.51 255.255.255.255 yes all gt 1023 eq 2201 both both no all packets 0 all 0 none

123 permit 192.168.10.178 255.255.255.0 136.5.9.51 255.255.255.255 yes all gt 1023 eq 2201 both both no all packets 0 all 0 none

124 deny 0.0.0.0 0.0.0.0 136.5.9.51 255.255.255.255 yes all gt 1 eq 2201 both both no all packets 0 all 0 none

genfilt -v 4 -n 123 -a P -s 192.168.10.178 -m 255.255.255.0 -d 136.5.9.51 -M 255.255.255.255 -o gt -p 1023 -O eq -P 2201

ps:如果需要一個(gè)段的IP

如

總結(jié)

以上是生活随笔為你收集整理的aix 查看防火墙状态_AIX防火墙策略的全部?jī)?nèi)容，希望文章能夠幫你解決所遇到的問(wèn)題。

如果覺(jué)得生活随笔網(wǎng)站內(nèi)容還不錯(cuò)，歡迎將生活随笔推薦給好友。