防火墙命令学习总结

华为防火墙:

  命令格式

system
ip address-set 10.0.0.0/8 type object 
  address 0 10.0.0.0 mask 8
q
ip address-set 12.2.7.0/24 type object 
  address 0 12.2.7.0 mask 24
q
ip service-set TCP-8443 type object
 service 0 protocol tcp source-port 0 to 65535 destination-port 8443
q
ip service-set TCP-9443 type object
 service 0 protocol tcp source-port 0 to 65535 destination-port 9443
q
security-policy
 rule name 10168
  action permit
  source-zone inside
  destination-zone untrust
  source-address address-set 10.0.0.0/8
  destination-address address-set 12.2.7.0/24
  service TCP-8443
  service TCP-9443
q
return
save
y
y

删除命令  undo

  地址组中删除地址对象

ip address-set qiyenianjin_server_group type group
 address 0 address-set 10.1.66.0/24
 address 1 address-set 10.1.36.0/26  --想要删除这一行
 address 2 address-set ip_10.1.42.172/32
 address 3 address-set ip_10.1.42.173/32

ip address-set qiyenianjin_server_group type group
  undo address 1  --第一种写法:按条目序号(num)删除
  undo address address-set 10.1.36.0/26  --第二种写法:按地址对象名称删除

 

  策略中删除地址引用

删除源地址

rule name mgt2local_ssh
  undo source-address address-set 10.1.36.0/26

删除目的地址

rule name 55
  undo destination-address address-set 10.1.36.0/26

 

 

山石防火墙:

  命令格式

configure
address "12.2.0.0/19" 
    ip 12.2.0.0/19
exit

address "12.2.7.0/24" 
    ip 12.2.7.0/24
exit

rule id 10028 before 3720
  src-zone "bg-client"
  dst-zone "shengchan"
  src-addr "12.2.0.0/19"
  dst-addr "12.2.7.0/24"
  service "TCP-8443"
  service "TCP-9443"
  action permit
exit
save
yy

删除命令 no

rule id 20001
 no dst-addr "10.197.5.0/24"  --删除目的地址
exit
address Deny-CS1-G
 no member "10.197.9.0/24"  --地址组中删除地址对象
exit
rule id 20002
 no src-addr "10.197.5.0/24"  --删除源地址
exit
 

 
