configure terminal
!!! Private (RFC 1918) networks
ipv4 access-list RFC1918
 10 deny ipv4 10.0.0.0/8 any
 11 deny ipv4 172.16.0.0/12 any
 12 deny ipv4 192.168.0.0/16 any
 99 permit ipv4 any any
!
!!! ACL for sites that stay reachable while the subscriber is blocked
no ipv4 access-list ACL_CRB_TRUSTED
ipv4 access-list ACL_CRB_TRUSTED
 10 permit udp any any eq domain
 20 permit ipv4 any host {{cabinet_ip}}
 30 permit ipv4 host {{cabinet_ip}} any
 40 permit icmp any any
!!! Unnumbered entries go last: IOS XR auto-numbers them after the final
!!! explicit entry, so they cannot overwrite sequence numbers 20-40
@@@ for net in trusted_negbal
 permit ipv4 any host {{net}}
 permit ipv4 host {{net}} any
@@@ endfor
!
!!! ACL for redirect
no ipv4 access-list ACL_CRB_REDIRECT
ipv4 access-list ACL_CRB_REDIRECT
 10 permit tcp any any eq www syn
 20 permit tcp any any eq www ack
 30 permit tcp any any eq www
!
!!! Class map for allowed sites
no class-map type traffic match-any CLS_CRB_TRUSTED
class-map type traffic match-any CLS_CRB_TRUSTED
 match access-group ipv4 ACL_CRB_TRUSTED
end-class-map
!
!!! Class map for redirect
no class-map type traffic match-any CLS_CRB_REDIRECT
class-map type traffic match-any CLS_CRB_REDIRECT
 match access-group ipv4 ACL_CRB_REDIRECT
end-class-map
!
end
exit