冰冰冷 - 2005-9-20 18:33:00
我在服务器上发现了有一个设置文件,内容如下:
unset hardware wdt-reset
set clock timezone 7
set vrouter trust-vr sharable
unset vrouter "trust-vr" auto-route-export
set auth-server "Local" id 0
set auth-server "Local" server-name "Local"
set auth default auth server "Local"
set admin name "netscreen"
set admin password "nEzJArrtEWSBc0vM8sxPe3LtlFFDJn"
set admin port 8088
set admin scs password disable username netscreen
set admin mail server-name "smtp.163.com"
set admin mail mail-addr1 "fustrong@163.com"
set admin mail traffic-log
set admin auth timeout 10
set admin auth server "Local"
set admin privilege read-write
set admin format dos
set zone "Trust" vrouter "trust-vr"
set zone "Untrust" vrouter "trust-vr"
set zone "VLAN" vrouter "trust-vr"
set zone "Trust" tcp-rst
set zone "Untrust" block
unset zone "Untrust" tcp-rst
set zone "MGT" block
set zone "VLAN" block
set zone "VLAN" tcp-rst
set zone "Trust" screen icmp-flood
set zone "Trust" screen udp-flood
set zone "Trust" screen port-scan
set zone "Trust" screen ip-sweep
set zone "Trust" screen tear-drop
set zone "Trust" screen syn-flood
set zone "Trust" screen ip-spoofing
set zone "Trust" screen ping-death
set zone "Trust" screen land
set zone "Trust" screen syn-frag
set zone "Trust" screen tcp-no-flag
set zone "Trust" screen syn-fin
set zone "Trust" screen fin-no-ack
set zone "Trust" screen syn-ack-ack-proxy
set zone "Untrust" screen icmp-flood
set zone "Untrust" screen udp-flood
set zone "Untrust" screen port-scan
set zone "Untrust" screen ip-sweep
set zone "Untrust" screen tear-drop
set zone "Untrust" screen syn-flood
set zone "Untrust" screen ip-spoofing
set zone "Untrust" screen ping-death
set zone "Untrust" screen ip-filter-src
set zone "Untrust" screen land
set zone "Untrust" screen syn-frag
set zone "Untrust" screen tcp-no-flag
set zone "Untrust" screen unknown-protocol
set zone "Untrust" screen icmp-fragment
set zone "Untrust" screen icmp-large
set zone "Untrust" screen syn-fin
set zone "Untrust" screen fin-no-ack
set zone "Untrust" screen block-frag
set zone "V1-Untrust" screen tear-drop
set zone "V1-Untrust" screen syn-flood
set zone "V1-Untrust" screen ping-death
set zone "V1-Untrust" screen ip-filter-src
set zone "V1-Untrust" screen land
set zone "Trust" screen syn-ack-ack threshold 100
set zone "Trust" screen syn-flood alarm-threshold 102
set zone "Trust" screen syn-flood attack-threshold 100
set zone "Trust" screen syn-flood source-threshold 100
set zone "Trust" screen syn-flood destination-threshold 150
set zone "Untrust" screen syn-flood alarm-threshold 150
set zone "Untrust" screen syn-flood attack-threshold 100
set zone "Untrust" screen syn-flood source-threshold 200
set zone "Untrust" screen syn-flood destination-threshold 150
set interface "trust" zone "Trust"
set interface "untrust" zone "Untrust"
unset interface vlan1 ip
set interface trust ip 192.168.0.1/24
set interface trust nat
set interface untrust ip 61.161.100.25/28
set interface untrust nat
set interface untrust mtu 1492
unset interface vlan1 bypass-others-ipsec
unset interface vlan1 bypass-non-ip
set interface trust ip manageable
set interface untrust ip manageable
set interface untrust manage ping
set interface untrust manage ssh
set interface untrust manage telnet
set interface untrust manage snmp
set interface untrust manage ssl
set interface untrust manage web
set interface untrust track-ip ip 16.161.100.4 gateway 61.161.100.1
unset interface untrust track-ip dynamic
set interface "untrust" mip 61.161.100.25 host 192.168.0.8 netmask 255.255.255.255 vrouter "trust-vr"
set flow tcp-mss 1392
set domain y
set hostname fuqiang
set dns host dns1 61.128.128.68
set dns host dns2 61.128.192.68
set dns host schedule 06:28
set address "Trust" "192.168.0.8/255.255.255.0" 192.168.0.8 255.255.255.0
set ike respond-bad-spi 1
set pki authority default scep mode "auto"
set pki x509 default cert-path partial
set policy id 3 from "Trust" to "Untrust" "Any" "Any" "ANY" permit
set policy id 2 from "Untrust" to "Trust" "Any" "Any" "ANY" permit log
set policy id 1 name "u" from "Untrust" to "Trust" "Any" "MIP(61.161.100.25)" "HTTP" permit
set policy id 4 from "Untrust" to "Trust" "Any" "MIP(61.161.100.25)" "FTP" permit
set global-pro policy-manager primary outgoing-interface untrust
set global-pro policy-manager secondary outgoing-interface untrust
set ssh version v2
set config lock timeout 5
set modem speed 115200
set modem retry 3
set modem interval 10
set modem idle-time 10
set snmp name "ns5gt"
set snmp port listen 161
set snmp port trap 162
set vrouter "untrust-vr"
exit
set vrouter "trust-vr"
unset add-default-route
set route 0.0.0.0/0 interface untrust gateway 61.161.100.1
exit
怎么还原这些设置为空??
谢谢了
© 2000 - 2024 Rising Corp. Ltd.