使用NBAR来基于应用层过滤流量

使用NBAR 对进站的HTTP 流量下载进行限速, 其中凡是下载的图象格式包括gif的,速率限制为50kbps。并防止红色代码(Code Red)和尼姆达(Nimda)蠕虫病毒

R1
conf t
int s2/0
ip ad 10.1.1.1 255.255.255.0
no shut
exit
class-map PHOTO
match protocol http url "*.gif"
exit
class-map VIRUS
match protocol http url "cmd.exe"
match protocol http url "*.ida"
match protocol http url "root.exe"
match protocol http url "readme.eml*"
exit
policy-map NBAR
class PHOTO
police 50000 conform-action transmit exceed-action drop

class VIRUS
drop
exit
int s 2/0
service-policy input NBAR
end

校验
R1#sh policy-map int s2/0
 Serial2/0
  Service-policy input: NBAR
    Class-map: PHOTO (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: protocol http url "*.gif"
      police:
          cir 50000 bps, bc 1562 bytes
        conformed 0 packets, 0 bytes; actions:
          transmit
        exceeded 0 packets, 0 bytes; actions:
          drop
        conformed 0 bps, exceed 0 bps
     Class-map: VIRUS (match-all)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
       Match: protocol http url "cmd.exe"
      Match: protocol http url "*.ida"
      Match: protocol http url "root.exe"
      Match: protocol http url "readme.eml*"

      drop
    Class-map: class-default (match-any)
      0 packets, 0 bytes
      5 minute offered rate 0 bps, drop rate 0 bps
      Match: any

本文出自 “穿过地狱去看海” 博客,谢绝转载!

你可能感兴趣的:(路由,休闲,应用层,NBAR,过滤流量)