Firewall
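What is the purpose of the "exit" statement in a ScreenOS Juniper firewall configuration?
I want to audit a ScreenOS Juniper firewall. I have obtained the configuration file, but I am not familiar with the syntax. I am wondering about the "exit" command.
In the configuration file, most policies are followed by one or two additional commands and an exit statement:
[...]
set policy id <id1> name "<name1>" from "<zone1>" to "<zone2>" "<address1>" "<address2>" "<service1>" permit log
set policy id <id1>
exit
set policy id <id2> name "<name2>" from "<zone1>" to "<zone2>" "<address1>" "<address2>" "<service2>" permit log
set policy id <id2>
set service "<service3>"
set service "<service4>"
set service "<service5>"
set service "<service6>"
exit
[...]
How should I interpret this? If the exit statement groups policies together, then there is only redundant information. The policy ID is already set in the line above. Services 3, 4, 5 and 6, set in the lines below, are already included in service 2.
The exit statement does not only appear after set policy statements.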
A Juniper ScreenOS configuration file is just a long series of CLI commands. If we add the prompt at the beginning of each line, the purpose of exit becomes clearer:
[...]
device-> set policy id <id1> name "<name1>" from "<zone1>" to "<zone2>" "<address1>" "<address2>" "<service1>" permit log
device-> set policy id <id1>
device(policy:<id1>)-> exit
device-> set policy id <id2> name "<name2>" from "<zone1>" to "<zone2>" "<address1>" "<address2>" "<service2>" permit log
device-> set policy id <id2>
device(policy:<id2>)-> set service "<service3>"
device(policy:<id2>)-> set service "<service4>"
device(policy:<id2>)-> set service "<service5>"
device(policy:<id2>)-> set service "<service6>"
device(policy:<id2>)-> exit
[...]
device-> save
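For an audit, the practical consequence of the prompt view above is that every line between a bare `set policy id <n>` and its `exit` has to be attributed to policy `<n>`. The Python sketch below is an added example, not part of the original post or any Juniper tooling: it replays the file while tracking that context. It assumes that a `set service` line inside the context adds a further service to the policy, and the sample configuration is constructed.

```python
import re

# Constructed sample in the shape shown on this page (all names are placeholders).
SAMPLE = '''\
set policy id 1 name "web" from "Trust" to "Untrust" "lan" "Any" "HTTP" permit log
set policy id 1
exit
set policy id 2 name "mail" from "Trust" to "DMZ" "lan" "mx" "SMTP" permit log
set policy id 2
set service "IMAP"
set service "POP3"
exit
'''

# Full form: defines the policy; group 2 is the service named on that line.
DEFINE = re.compile(r'^set policy id (\d+) .*?from "[^"]*" to "[^"]*" '
                    r'"[^"]*" "[^"]*" "([^"]*)"')
ENTER = re.compile(r'^set policy id (\d+)$')    # bare form: enters the sub-context
SERVICE = re.compile(r'^set service "([^"]*)"$')


def parse_policies(text):
    """Return {policy_id: {"services": [...], "context_lines": [...]}}."""
    policies = {}
    context = None          # policy id whose sub-prompt we are in, else None
    for raw in text.splitlines():
        line = raw.strip()
        if not line:
            continue
        if context is None:
            if m := ENTER.match(line):
                context = int(m.group(1))
                policies.setdefault(context, {"services": [], "context_lines": []})
            elif m := DEFINE.match(line):
                policies[int(m.group(1))] = {"services": [m.group(2)],
                                             "context_lines": []}
        elif line == "exit":
            context = None  # back to the top-level prompt
        else:
            # Everything typed at the policy prompt belongs to that policy.
            policies[context]["context_lines"].append(line)
            if m := SERVICE.match(line):
                policies[context]["services"].append(m.group(1))
    return policies


if __name__ == "__main__":
    for pid, pol in parse_policies(SAMPLE).items():
        print(pid, pol["services"])
```

Lines typed at the policy prompt that are not `set service` are kept in `context_lines` so they can be reviewed by hand rather than silently dropped.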