2010.02.15
Japan-only filter on the IX2015
A Japan-only filter on the IX2015 business router
Viruses such as Gumblar have been spreading recently.
Since I was worried about my test server getting cracked, I tried applying a domain-based Japan-only filter.
Note: with this configuration, connections from IP addresses that have no reverse DNS, and connections from outside Japan, will no longer be possible.
It is not a complete countermeasure against Gumblar, but it makes dealing with things a little easier when something does happen.
ip access-list jponly permit tcp src .jp sport any dest any dport eq 22
ip access-list jponly permit tcp src .bbtec.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .broba.cc sport any dest any dport eq 22
ip access-list jponly permit tcp src .cty8.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .quolia.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .cwidc.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .jp.fiberbit.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .gpwest.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .h555.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .inabapyonpyon.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .mediatti.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .net3-tv.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .netaro.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .wac2.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .bitcat.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .2iij.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .george24.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .ycix.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .ninjin-net.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .gc-broad.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .nasicnet.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .cv-i.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .cilas.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .ja-hc.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .view21.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .awaikeda.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .e-awa.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .kaga-tv.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .itsudemo.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .itakita.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .tccnet.tv sport any dest any dport eq 22
ip access-list jponly permit tcp src .k-ft.net sport any dest any dport eq 22
ip access-list jponly permit tcp src .tigers-net.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .tonotv.com sport any dest any dport eq 22
ip access-list jponly permit tcp src .zero-isp.net sport any dest any dport eq 22
ip access-list jponly deny tcp src any sport any dest any dport eq 22
Because of the implicit deny, also add
ip access-list allowall permit ip src any dest any
as well.
After that:
interface FastEthernet0/1.x
ip filter jponly 100 in
ip filter allowall 6000 in
Once the configuration is finished, run write memory in global config mode and you are done.
Doing this on the router means the packets are reliably blocked before they ever reach the server, which is reassuring.
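As an added example (not part of the original post, and not IX2015 code), here is a small Python model of how the jponly list above decides on an inbound SSH flow: the source address is resolved to its reverse-DNS (PTR) name and that name is suffix-matched against the allowed domains, so a host with no PTR record can never match and falls through to the final deny, which is exactly the caveat noted at the top. The suffix-match semantics and the PTR table are assumptions constructed for the example; only a subset of the page's domain list is included.

```python
import socket

# Subset of the suffixes from the jponly access list on the page (constructed subset).
JPONLY_SUFFIXES = [".jp", ".bbtec.net", ".broba.cc", ".2iij.net", ".mediatti.net"]

# Constructed PTR table standing in for real reverse DNS so the example runs offline.
# 192.0.2.40 is deliberately absent: it models a source with no reverse DNS.
CONSTRUCTED_PTR = {
    "192.0.2.10": "p1234-ipad01.example.jp",
    "192.0.2.20": "softbank221000000000.bbtec.net",
    "192.0.2.30": "host.example.com",
}


def matches_suffix(hostname, suffixes):
    """True if hostname ends with one of the allowed domain suffixes.

    Every suffix starts with '.', so endswith() already respects label
    boundaries ('notjp.com' does not match '.jp'). Assumed semantics, not
    verified against the IX2015 implementation.
    """
    name = hostname.rstrip(".").lower()
    return any(name.endswith(s.lower()) for s in suffixes)


def table_lookup(ip):
    """Offline PTR lookup against the constructed table; None means no PTR record."""
    return CONSTRUCTED_PTR.get(ip)


def live_lookup(ip):
    """Real PTR lookup (needs network); None when the address has no reverse DNS."""
    try:
        return socket.gethostbyaddr(ip)[0]
    except OSError:
        return None


def evaluate_filter(src_ip, dport, ptr_lookup=table_lookup):
    """Return 'permit' or 'deny' for a TCP flow under jponly (100) then allowall (6000)."""
    if dport != 22:
        return "permit"  # jponly has no entry for other ports; allowall permits
    name = ptr_lookup(src_ip)
    if name is None:
        return "deny"  # no PTR name to compare, so only the explicit deny matches
    # A PTR record is set by whoever controls the reverse zone, so a match is a
    # convenience filter, not proof of where the connection really comes from.
    return "permit" if matches_suffix(name, JPONLY_SUFFIXES) else "deny"
```

Swap `table_lookup` for `live_lookup` to evaluate a real address before deploying a change to the list.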