华为交换机封端口常用访问控制列表

acl number 3000
rule 1 deny udp destination-port eq 1434
rule 2 deny udp destination-port eq 135
rule 3 deny udp destination-port eq netbios-ssn
rule 5 deny tcp destination-port eq 135
rule 6 deny tcp destination-port eq 445
rule 7 deny tcp destination-port eq 593
rule 10 deny tcp destination-port eq 113
rule 11 deny tcp destination-port eq 5800
rule 12 deny tcp destination-port eq 5900
rule 13 deny udp destination-port eq 445
rule 14 deny udp destination-port eq 593
rule 15 deny udp destination-port eq netbios-ns
rule 16 deny udp destination-port eq netbios-dgm
rule 17 deny udp destination-port eq 113
rule 18 deny tcp destination-port eq 5554
rule 19 deny tcp destination-port eq 9996

packet-filter ip-group 3000         (全局应用)

queue-scheduler wrr 40 30 10 20     (设置队列调度模式和参数)

（选择添加 ）
rule 0 deny icmp
rule 4 deny tcp destination-port eq 139
rule 8 deny tcp destination-port eq 137
rule 9 deny tcp destination-port eq 138