
{code}
configure terminal
!!! Private ("grey") address space, RFC 1918.
!!! Denies IPv4 traffic whose source is in 10.0.0.0/8, 172.16.0.0/12 or
!!! 192.168.0.0/16 and permits everything else (entry 99).
!!! Where this ACL is attached is not shown in this template.
!!! NOTE(review): unlike the ACL_CRB_* lists below, this list is not removed
!!! with "no ipv4 access-list" first, so entries already on the device under
!!! other sequence numbers would stay in place. Confirm this is intended.
ipv4 access-list RFC1918
10 deny ipv4 10.0.0.0/8 any
11 deny ipv4 172.16.0.0/12 any
12 deny ipv4 192.168.0.0/16 any
99 permit ipv4 any any
!

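!!! ACL of destinations that stay reachable while a subscriber is blocked.
!!! Template inputs: trusted_negbal (list of trusted addresses, one pair of
!!! entries per item) and cabinet_ip (presumably the subscriber self-service
!!! portal; confirm against the caller).
!!! The explicitly numbered entries come first and the generated, unnumbered
!!! entries last, so the auto-assigned sequence numbers continue after 40 and
!!! cannot collide with entries 20/30/40. Every entry is a permit, so the
!!! order does not change what is matched.
!!! NOTE(review): entry 10 permits DNS to any resolver and entry 40 permits
!!! ICMP to any host, so a blocked subscriber keeps both channels to arbitrary
!!! destinations. Consider restricting DNS to the operator's resolvers.
!!! NOTE(review): only UDP/53 is permitted; DNS over TCP is not.
!!! NOTE(review): the loop uses the "host" keyword, so each trusted_negbal
!!! item must be a single address, not a prefix. Verify the input data.
no ipv4 access-list ACL_CRB_TRUSTED
ipv4 access-list ACL_CRB_TRUSTED
10 permit udp any any eq domain
20 permit ipv4 any host {{cabinet_ip}}
30 permit ipv4 host {{cabinet_ip}} any
40 permit icmp any any
@@@ for net in trusted_negbal
permit ipv4 any host {{net}}
permit ipv4 host {{net}} any
@@@ endfor
!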

!!! ACL selecting the traffic to be redirected.
!!! The list is removed and re-created so stale entries do not survive.
!!! All three entries match TCP to port www (80): entry 10 with the SYN flag,
!!! entry 20 with the ACK flag, entry 30 with no flag condition. Entry 30
!!! therefore already covers everything entries 10 and 20 match.
!!! NOTE(review): only port 80 is matched. HTTPS (443) is not selected here,
!!! so how it is handled depends on policy that is not part of this template.
no ipv4 access-list ACL_CRB_REDIRECT
ipv4 access-list ACL_CRB_REDIRECT
10 permit tcp any any eq www syn
20 permit tcp any any eq www ack
30 permit tcp any any eq www
!



!!! Traffic class map for the allowed (trusted) destinations.
!!! Re-created from scratch; matches whatever ACL_CRB_TRUSTED permits.
!!! The policy-map that references this class is not part of this template.
no class-map type traffic match-any CLS_CRB_TRUSTED
class-map type traffic match-any CLS_CRB_TRUSTED
match access-group ipv4 ACL_CRB_TRUSTED
end-class-map
!

!!! Traffic class map for the redirect.
!!! Re-created from scratch; matches whatever ACL_CRB_REDIRECT permits.
!!! The policy-map that references this class is not part of this template.
!!! NOTE(review): no "commit" appears before "end". If the target is IOS XR
!!! (the syntax suggests so), confirm the deployment tool commits the change.
no class-map type traffic match-any CLS_CRB_REDIRECT
class-map type traffic match-any CLS_CRB_REDIRECT
match access-group ipv4 ACL_CRB_REDIRECT
end-class-map
!
end
exit
{code}