Esprit's Style

    -    Engineer's Pressure Points    -

Access Lists

〆 Configuring access lists

・Checking access lists
Router# show access-list
Router# show ip access-list
・Clearing the counters of an access list
Router# clear access-list counters 100
・Configuring a standard IP access list
  Standard IP access lists are numbered 1~99, extended IP access lists 100~199
Router(config)# access-list 1 deny  131.108.101.99
Router(config)# access-list 1 permit 131.108.101.0 0.0.0.255
・Configuring an extended IP access list
R(conf)#
# no access-list 100 ! remove extended access list 100
# access-list 100 deny   tcp 192.168.16.0 0.0.0.255 any eq 135 !ms-dce
# access-list 100 deny   udp 192.168.16.0 0.0.0.255 any eq 135 !ms-dce
# access-list 100 deny   udp 192.168.16.0 0.0.0.255 any eq netbios-dgm !138
# access-list 100 deny   udp 192.168.16.0 0.0.0.255 any eq netbios-ns !137
# access-list 100 deny   tcp 192.168.16.0 0.0.0.255 any eq 139 !netbios-ssn
# access-list 100 permit icmp any any
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq ftp-data !20
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq ftp !21
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq 22 !ssh
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq 23 !telnet
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq smtp !25
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq domain !53
# access-list 100 permit udp any 192.168.0.0 0.0.255.255 eq domain !53
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq www !80
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq pop3 !110
# access-list 100 permit udp any 192.168.0.0 0.0.255.255 eq ntp !123
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq 443 !https
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq exec !512
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq lpd !515
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 established
# access-list 100 permit tcp any 192.168.0.0 0.0.255.255 range 1024 65535
# access-list 100 deny   ip any any log ! not required, but written out for clarity

# no access-list 101 ! remove extended access list 101
# access-list 101 deny   ip 10.0.0.0 0.255.255.255 any log
# access-list 101 deny   ip 172.0.0.0 0.255.255.255 any log ! note: 0.255.255.255 covers all of 172.0.0.0/8, wider than the RFC 1918 range 172.16.0.0/12 (wildcard 0.15.255.255)
# access-list 101 permit icmp any any
# access-list 101 permit tcp 192.168.0.0 0.0.255.255 any established
# access-list 101 permit tcp 192.168.0.0 0.0.255.255 any eq ident
# access-list 101 deny   ip any any log

R(config)# interface FastEthernet 0/0
R(config-if)# ip access-group 100 in ! apply extended access list 100 inbound
R(config-if)# ip access-group 101 out ! apply extended access list 101 outbound
R(config-if)# exit
・Configuring access lists in one batch
・Create a text file like the one below and paste it into the console
! For Firewall access-list
! Access-list 120 for FastEthernet 0/1 inside filter
! Access-list 130 for FastEthernet 0/0 inside filter
! Ver 1.00 2004/01/01 
! 
enable
configure terminal
!
! FastEthernet 0/1
!
no access-list 120
access-list 120 deny tcp 192.168.1.0 0.0.0.255 any eq 135
access-list 120 deny udp 192.168.1.0 0.0.0.255 any eq 135
access-list 120 deny udp 192.168.1.0 0.0.0.255 any eq 137
access-list 120 deny udp 192.168.1.0 0.0.0.255 any eq 138
access-list 120 deny tcp 192.168.1.0 0.0.0.255 any eq 139
access-list 120 deny tcp 192.168.1.0 0.0.0.255 any eq 445
access-list 120 deny udp 192.168.1.0 0.0.0.255 any eq 445
access-list 120 permit udp any any eq 123
access-list 120 permit udp any any eq 53
access-list 120 permit ip any any
interface FastEthernet 0/1
 ip access-group 120 in
!
! FastEthernet 0/0
!
no access-list 130
access-list 130 permit tcp 200.122.12.15 0.0.0.7 200.122.12.12 0.0.0.7 eq 22
access-list 130 permit tcp 200.122.12.15 0.0.0.7 200.122.12.12 0.0.0.7 eq 80
access-list 130 permit tcp 200.122.12.15 0.0.0.7 200.122.12.12 0.0.0.7 eq 443
access-list 130 permit udp any eq 123 any
access-list 130 permit udp any eq 53 any
access-list 130 permit tcp any 200.122.122.12 0.0.0.7 eq 22
access-list 130 permit icmp any any
! implicit deny ip any any
!
interface FastEthernet 0/0
 ip access-group 130 in
!
no ip access-list standard 10
access-list 10 permit 192.168.1.0 0.0.0.255
access-list 10 permit 192.168.10.0 0.0.0.255
!
line vty 0 4
 access-class 10 in
!
end
wr mem
!
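To check how IOS evaluates entries like the ones above (top-down, first match wins, wildcard-mask comparison, a source-port `eq`, `established`, and the implicit deny at the end), here is an added Python simulator. It is not code from the original page or from Cisco; the ACL lines it uses are excerpts of ACL 100 and ACL 130 above, embedded as sample input, and the port-name table is an assumption covering only the names used on this page.

```python
import ipaddress

# Constructed sample input: entries copied from the page's ACL 100 and ACL 130.
ACL_100 = [
    "access-list 100 deny   tcp 192.168.16.0 0.0.0.255 any eq 139",
    "access-list 100 permit icmp any any",
    "access-list 100 permit tcp any 192.168.0.0 0.0.255.255 eq www",
    "access-list 100 permit tcp any 192.168.0.0 0.0.255.255 established",
]
ACL_130 = [
    "access-list 130 permit tcp 200.122.12.15 0.0.0.7 200.122.12.12 0.0.0.7 eq 22",
    "access-list 130 permit udp any eq 123 any",
]
# Assumed mapping of the IOS port keywords used on this page
PORT_NAMES = {"ftp-data": 20, "ftp": 21, "smtp": 25, "domain": 53, "www": 80, "pop3": 110, "ntp": 123}
def _ip(dotted): return int(ipaddress.IPv4Address(dotted))
def _take_addr(tok):
    """Pop 'any' or 'addr wildcard' (plus an optional 'eq port') off tok; return (net, wild, port)."""
    if tok[0] == "any":
        net, wild, n = 0, 0xFFFFFFFF, 1
    else:
        net, wild, n = _ip(tok[0]), _ip(tok[1]), 2
    del tok[:n]
    port = None
    if tok and tok[0] == "eq":
        port = PORT_NAMES.get(tok[1]) or int(tok[1])
        del tok[:2]
    # IOS zeroes the wildcard bits: "200.122.12.15 0.0.0.7" is stored as 200.122.12.8 0.0.0.7
    return net & ~wild & 0xFFFFFFFF, wild, port
def parse_ace(line):
    """Split one 'access-list N action proto src [eq p] dst [eq p] [established] [log]' entry."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    src, dst = _take_addr(rest), _take_addr(rest)
    return action, proto, src, dst, "established" in rest
def _match(addr, port, spec):
    net, wild, want = spec
    return (_ip(addr) & ~wild & 0xFFFFFFFF) == net and (want is None or want == port)

def evaluate(acl, proto, src, dst, sport=None, dport=None, ack=False):
    """Walk an ACL the way IOS does: the first matching entry decides; no match means deny."""
    for line in acl:
        action, p, s, d, established = parse_ace(line)
        if p not in (proto, "ip"):
            continue
        if established and not ack:  # 'established' matches only TCP segments with ACK or RST set
            continue
        if _match(src, sport, s) and _match(dst, dport, d):
            return action, line
    return "deny", "implicit deny ip any any"
```

Note that `permit udp any eq 123 any` in ACL 130 matches only datagrams whose source port is 123, i.e. replies from an NTP server, not client queries leaving from an ephemeral port.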
The link to this site is free.   /   Last Updated : 28.May.2012
Copyright © ESPRITS STYLE. 2003-2007