Mainly I want to allow only web browsing, a few stock-trading ports, and the FTP port.
sys
acl num 3000
rule 0 deny ip
rule 1 permit udp destination-port eq dns
rule 2 permit tcp destination-port eq www
rule 3 permit tcp destination-port eq 8080
rule 4 permit tcp destination-port eq pop3
rule 5 permit tcp destination-port eq ftp
rule 6 permit tcp destination-port eq telnet
rule 7 permit tcp destination-port eq 8000
rule 8 permit tcp destination-port eq 7709
rule 9 permit tcp destination-port eq 7711
int gig 1/1/4
pack in ip 3000
pack outbound ip 3000
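The network is too slow, so I am trying to open only the ports below. I don't know whether this will work; still experimenting.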
rule 0 permit tcp source-port eq ftp destination-port eq ftp (0 times matched)
rule 1 permit tcp source-port eq 22 destination-port eq 22 (0 times matched)
rule 2 permit tcp source-port eq telnet destination-port eq telnet (0 times matched)
rule 3 permit tcp source-port eq smtp destination-port eq smtp (0 times matched)
rule 4 permit tcp source-port eq 38 destination-port eq 38 (0 times matched)
rule 5 permit tcp source-port eq 42 destination-port eq 42 (0 times matched)
rule 6 permit tcp source-port eq domain destination-port eq domain (0 times matched)
rule 7 permit tcp source-port eq 69 destination-port eq 69 (0 times matched)
rule 8 permit tcp source-port eq 99 destination-port eq 99 (0 times matched)
rule 9 permit tcp source-port eq pop3 destination-port eq pop3 (0 times matched)
rule 10 permit tcp source-port eq 135 destination-port eq 135 (0 times matched)
rule 11 permit tcp source-port eq 161 destination-port eq 161 (0 times matched)
rule 12 permit tcp source-port eq 443 destination-port eq 443 (0 times matched)
rule 13 permit tcp source-port eq www destination-port eq www (0 times matched)
rule 14 permit tcp source-port eq 4899 destination-port eq 4899 (0 times matched)
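An added example (not part of the original post, and not vendor code): a small Python model of what rules in the two listings above require of a TCP packet, useful when checking why hit counters stay at 0. The client port 50123 and the helper names are assumptions made for illustration; the model tests only whether a rule's stated conditions hold and does not model the device's rule ordering.

```python
import re

# Port keywords used in the rules on this page, with their well-known numbers.
KEYWORDS = {"ftp": 21, "telnet": 23, "smtp": 25, "domain": 53, "www": 80, "pop3": 110}

# Constructed sample: three rules copied from the second listing on this page.
RULES_TEXT = """\
rule 0 permit tcp source-port eq ftp destination-port eq ftp (0 times matched)
rule 12 permit tcp source-port eq 443 destination-port eq 443 (0 times matched)
rule 13 permit tcp source-port eq www destination-port eq www (0 times matched)
"""

RULE_RE = re.compile(
    r"rule (\d+) (permit|deny) (tcp|udp)"
    r"(?: source-port eq (\S+))?(?: destination-port eq (\S+))?"
)

def port(token):
    """Turn a port keyword or number into an int; None means 'not specified'."""
    if token is None:
        return None
    return KEYWORDS[token] if token in KEYWORDS else int(token)

def parse_rules(text):
    """Parse rule lines into (id, action, protocol, source_port, dest_port)."""
    rules = []
    for line in text.splitlines():
        m = RULE_RE.match(line.strip())
        if m:
            rid, action, proto, sport, dport = m.groups()
            rules.append((int(rid), action, proto, port(sport), port(dport)))
    return rules

def matching_rules(rules, proto, sport, dport):
    """Return the IDs of rules whose every stated condition holds for the packet."""
    return [rid for rid, _action, rproto, rs, rd in rules
            if rproto == proto and rs in (None, sport) and rd in (None, dport)]

BOTH = parse_rules(RULES_TEXT)  # source-port AND destination-port rules
DST_ONLY = parse_rules("rule 2 permit tcp destination-port eq www")  # first listing

if __name__ == "__main__":
    # A client normally connects from an ephemeral port (50123 is assumed here).
    print("request 50123->80, both-port rules:", matching_rules(BOTH, "tcp", 50123, 80))
    print("reply   80->50123, both-port rules:", matching_rules(BOTH, "tcp", 80, 50123))
    print("request 50123->80, dest-only rule: ", matching_rules(DST_ONLY, "tcp", 50123, 80))
    print("reply   80->50123, dest-only rule: ", matching_rules(DST_ONLY, "tcp", 80, 50123))
```

In this model, a rule that fixes both ports to the same value matches neither direction of an ordinary client connection, and a destination-port-only rule matches the request but not the reply, which matters when the same ACL is applied both inbound and outbound.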