Bidirectional restriction:
acl number 3000
rule 10 deny ip destination 10.20.100.0 0.0.3.255
rule 15 deny ip destination 10.20.80.0 0.0.3.255
rule 20 deny ip destination 172.17.50.0 0.0.0.255
rule 25 deny ip destination 10.20.40.0 0.0.0.255
rule 30 deny ip destination 10.20.60.0 0.0.0.255
rule 35 deny ip destination 10.20.120.0 0.0.0.255
rule 40 deny ip destination 10.20.130.0 0.0.0.255
rule 45 deny ip destination 10.20.140.0 0.0.0.255
rule 50 deny ip destination 10.20.150.0 0.0.0.255
rule 55 deny ip destination 10.20.160.0 0.0.0.255
rule 60 deny ip destination 10.20.104.0 0.0.1.255
rule 65 deny ip destination 10.20.106.0 0.0.1.255
rule 70 deny ip destination 10.20.108.0 0.0.1.255
rule 75 deny ip destination 10.20.110.0 0.0.1.255
rule 80 deny ip destination 10.20.50.0 0.0.1.255
rule 85 deny ip destination 10.20.70.0 0.0.1.255
rule 90 deny ip destination 10.20.210.0 0.0.0.255
rule 95 deny ip destination 10.20.220.0 0.0.1.255
rule 100 permit ip
traffic-filter vlan 200 inbound acl 3000
One-way restriction (only TCP services can be restricted):
acl number 3002
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.100.0 0.0.3.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.100.0 0.0.3.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.100.0 0.0.3.255 icmp-type echo
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.80.0 0.0.3.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.80.0 0.0.3.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.80.0 0.0.3.255 icmp-type echo
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.120.0 0.0.0.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.120.0 0.0.0.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.120.0 0.0.0.255 icmp-type echo
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.130.0 0.0.0.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.130.0 0.0.0.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.130.0 0.0.0.255 icmp-type echo
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.140.0 0.0.0.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.140.0 0.0.0.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.140.0 0.0.0.255 icmp-type echo
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.150.0 0.0.0.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.150.0 0.0.0.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.150.0 0.0.0.255 icmp-type echo
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.160.0 0.0.0.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.160.0 0.0.0.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.160.0 0.0.0.255 icmp-type echo
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.60.0 0.0.0.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.60.0 0.0.0.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.60.0 0.0.0.255 icmp-type echo
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.40.0 0.0.0.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.40.0 0.0.0.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.40.0 0.0.0.255 icmp-type echo
rule permit ip
traffic-filter vlan 220 inbound acl 3002
Reference document: https://support.huawei.com/enterprise/zh/doc/EDOC1100247688/a506cef0
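An added example (not part of the original notes or of Huawei's documentation): a small Python first-match evaluator over four of the ACL 3002 rules above, showing why the rule order blocks only connections initiated from 10.20.220.0/23 and why non-TCP traffic such as UDP is not restricted. It assumes a rule matches when every flag listed after tcp-flag is set in the packet; the function names and the packet dictionaries are constructed for illustration.

```python
import ipaddress

# Rules copied from ACL 3002 on this page: one destination block plus the final permit.
ACL_3002 = """\
rule permit tcp source 10.20.220.0 0.0.1.255 destination 10.20.100.0 0.0.3.255 tcp-flag syn ack
rule deny tcp source 10.20.220.0 0.0.1.255 destination 10.20.100.0 0.0.3.255 tcp-flag syn
rule deny icmp source 10.20.220.0 0.0.1.255 destination 10.20.100.0 0.0.3.255 icmp-type echo
rule permit ip
"""

def ip_int(s):
    return int(ipaddress.IPv4Address(s))

def parse_rule(line):
    t = line.split()
    rule = {"action": t[1], "proto": t[2], "flags": set()}
    for key in ("source", "destination"):
        if key in t:
            i = t.index(key)
            rule[key] = (ip_int(t[i + 1]), ip_int(t[i + 2]))  # (address, wildcard)
    if "tcp-flag" in t:
        rule["flags"] = set(t[t.index("tcp-flag") + 1:])
    if "icmp-type" in t:
        rule["icmp"] = t[t.index("icmp-type") + 1]
    return rule

def in_range(addr, spec):
    # Wildcard bits set to 1 are "don't care"; all other bits must equal the base address.
    return (ip_int(addr) ^ spec[0]) & ~spec[1] & 0xFFFFFFFF == 0

def matches(rule, pkt):
    if rule["proto"] not in ("ip", pkt["proto"]):
        return False
    for side, key in (("source", "src"), ("destination", "dst")):
        if side in rule and not in_range(pkt[key], rule[side]):
            return False
    if "icmp" in rule and pkt.get("icmp") != rule["icmp"]:
        return False
    # Assumption: every flag listed in the rule must be set in the packet.
    return rule["flags"] <= pkt.get("flags", set())

def evaluate(pkt, text=ACL_3002):
    for rule in map(parse_rule, text.splitlines()):
        if matches(rule, pkt):
            return rule["action"]  # first matching rule decides
    return "no-match"
```

Swapping the first two rules in `ACL_3002` makes the SYN+ACK reply hit the `deny ... tcp-flag syn` rule first, which is why the permit has to come before the deny.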