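# Create access control list ACL 3001, which allows only the specific internal hosts 129.38.1.1 and 129.38.1.2 to access the external network and denies outbound access from all other hosts.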
[Quidway] acl number 3001
[Quidway-acl-adv-3001] rule deny ip
[Quidway-acl-adv-3001] rule permit ip source 129.38.1.1 0
[Quidway-acl-adv-3001] rule permit ip source 129.38.1.2 0
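# Create access control list ACL 3002, which allows only the specific external host 202.1.2.3 to access the server 129.38.1.105 in the internal network and denies all other inbound access.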
[Quidway] acl number 3002
[Quidway-acl-adv-3002] rule deny ip
[Quidway-acl-adv-3002] rule permit tcp source 202.1.2.3 0 destination 129.38.1.105 0
# Define two classes that match ACL 3001 and ACL 3002 respectively.
[Quidway] traffic classifier class1
[Quidway-classifier-class1] if-match acl 3001
[Quidway] traffic classifier class2
[Quidway-classifier-class2] if-match acl 3002
# Define a traffic behavior to enable the packet-filtering firewall function.
[Quidway] traffic behavior behavior1
[Quidway-behavior-behavior1] deny
# Define two QoS policies and specify the traffic behavior for each class of packets.
[Quidway] traffic policy mypolicy1
[Quidway-trafficpolicy-mypolicy1] classifier class1 behavior behavior1
[Quidway] traffic policy mypolicy2
[Quidway-trafficpolicy-mypolicy2] classifier class2 behavior behavior1
# Apply the policies on the Ethernet2/0/0 and ATM1/0/0 interfaces of the NE20 series router.
[Quidway] interface ethernet 2/0/0
[Quidway-Ethernet2/0/0] traffic-policy mypolicy1 inbound
[Quidway-Ethernet2/0/0] quit
[Quidway] interface atm 1/0/0
[Quidway-ATM1/0/0] traffic-policy mypolicy2 inbound
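
Added example (not part of the original configuration or of the vendor's documentation): a small Python model of first-match ACL evaluation that runs ACL 3001 and ACL 3002 as written above under two rule orderings, configuration order and a simplified depth-first ordering. The page does not state which match order the device uses; the ordering model, the function names and the sample packets are assumptions made for this illustration.

```python
import ipaddress

# ACL 3001 / 3002 transcribed from the page: (action, protocol, source, destination).
# Wildcard "0" means a single host (/32); None means any address.
ACL_3001 = [
    ("deny", "ip", None, None),
    ("permit", "ip", "129.38.1.1/32", None),
    ("permit", "ip", "129.38.1.2/32", None),
]
ACL_3002 = [
    ("deny", "ip", None, None),
    ("permit", "tcp", "202.1.2.3/32", "129.38.1.105/32"),
]

def _covers(net, addr):
    return net is None or ipaddress.ip_address(addr) in ipaddress.ip_network(net)

def _depth(rule):
    # Assumed, simplified depth-first key: a named protocol, then a longer source
    # prefix, then a longer destination prefix ranks as "more specific".
    _, proto, src, dst = rule
    plen = lambda n: ipaddress.ip_network(n).prefixlen if n else 0
    return (proto != "ip", plen(src), plen(dst))

def evaluate(acl, proto, src, dst, order="config"):
    """Return the action of the first matching rule, or None if nothing matches."""
    rules = acl if order == "config" else sorted(acl, key=_depth, reverse=True)
    for action, r_proto, r_src, r_dst in rules:
        if r_proto in ("ip", proto) and _covers(r_src, src) and _covers(r_dst, dst):
            return action
    return None

# Constructed sample packets: (acl, protocol, source, destination).
SAMPLES = [
    (ACL_3001, "tcp", "129.38.1.1", "198.51.100.7"),
    (ACL_3001, "tcp", "129.38.1.3", "198.51.100.7"),
    (ACL_3002, "tcp", "202.1.2.3", "129.38.1.105"),
    (ACL_3002, "udp", "202.1.2.3", "129.38.1.105"),
]

if __name__ == "__main__":
    for acl, proto, src, dst in SAMPLES:
        results = {o: evaluate(acl, proto, src, dst, o) for o in ("config", "auto")}
        print(f"{proto} {src} -> {dst}: {results}")
```

In this model the leading `rule deny ip` matches every packet under configuration order, so the permit rules only take effect when more specific rules are evaluated first; check the effective rule order on the device with `display acl` before relying on them.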