Foundry Networks AR1216 Benutzerhandbuch
Foundry AR-Series Router User Guide
15 - 56
© 2004 Foundry Networks, Inc.
June 2004
load_balance per_flow
multicast
exit multicast
route 0.0.0.0 0.0.0.0 wan 1
exit ip
policy community_list
exit community_list
crypto
exit crypto
firewall global
exit firewall
firewall internet
interface wan
policy 1024 out self
exit policy
exit firewall
firewall corp
interface ethernet0
object
http-filter javadeny deny *.java
exit object
policy 1021 in deny
exit policy
policy 1022 out self
exit policy
policy 1023 in self
exit policy
policy 1024 out nat-ip 193.168.94.220
apply-object http-filter javadeny
exit policy
exit firewall
firewall dmz
interface ethernet1
object
nat-pool ftpsrvr static 10.3.1.100 10.3.1.100
ftp-filter putdeny deny put mkdir
exit object
policy 100 in address any any 193.168.94.221 32
apply-object ftp-filter putdeny
apply-object nat-pool ftpsrvr
exit policy
policy 1022 out self
exit policy
policy 1023 in self
exit policy
policy 1024 out
exit policy
exit firewall
Foundry/configure#
Stopping DoS Attacks
The following commands show how to configure the firewall to defend against Denial of Service (DoS) attacks.
Foundry provides protection against FTP bounce, ICMP error checks, IP sequence number checks, unaligned
timestamps, MIME flooding, source routing checks, SYN flooding, and WIN nuke attacks. To configure the firewall
for protection against all of these attacks, enter:
Foundry provides protection against FTP bounce, ICMP error checks, IP sequence number checks, unaligned
timestamps, MIME flooding, source routing checks, SYN flooding, and WIN nuke attacks. To configure the firewall
for protection against all of these attacks, enter: