{"id":477160,"date":"2023-08-09T09:08:44","date_gmt":"2023-08-09T09:08:44","guid":{"rendered":""},"modified":"2023-09-05T11:14:12","modified_gmt":"2023-09-05T11:14:12","slug":"extended-acls","status":"publish","type":"wiki","link":"https:\/\/oneproxy.pro\/cn\/wiki\/extended-acls\/","title":{"rendered":"Extended ACLs"},"content":{"rendered":"<p>Extended Access Control Lists (ACLs) are a powerful mechanism for controlling access and security on network devices such as routers, switches, and proxy servers. These lists allow network administrators to filter traffic and permit or deny it based on various criteria, such as source and destination IP addresses, protocols, and port numbers. Extended ACLs are an extension of standard ACLs and offer greater flexibility and granularity in managing network traffic.<\/p>\n<h2>The history of the origin of Extended ACLs<\/h2>\n<p>The concept of access control lists can be traced back to the early days of computer networking. Initially, basic ACLs were introduced to help manage access to network resources, but they were limited in scope. As network infrastructures became more complex, the need for more advanced filtering mechanisms became apparent. This led to the development of Extended ACLs, which give administrators finer-grained control over traffic.<\/p>\n<p>The first mention of Extended ACLs 
can be found in the Cisco IOS (Internetwork Operating System) documentation. Cisco introduced Extended ACLs in its routers to meet the demands of larger, more complex networks. Over time, the idea of Extended ACLs gained widespread attention and was adopted by various other networking vendors.<\/p>\n<h2>Detailed information about Extended ACLs<\/h2>\n<h3>Expanding the topic of Extended ACLs<\/h3>\n<p>Extended ACLs operate at the network layer (Layer 3) of the OSI model and are more sophisticated than standard ACLs. Standard ACLs filter traffic based only on the source IP address, whereas Extended ACLs allow administrators to filter on multiple criteria, including:<\/p>\n<ol>\n<li>\n<p>Source and destination IP addresses: Specific source or destination IP addresses, entire subnets, or ranges of IP addresses can be filtered.<\/p>\n<\/li>\n<li>\n<p>TCP and UDP 
port numbers: Administrators can permit or deny traffic based on specific port numbers, enabling or restricting access to particular services or applications.<\/p>\n<\/li>\n<li>\n<p>Protocol type: Extended ACLs can filter traffic based on different protocols, such as TCP, UDP, and ICMP.<\/p>\n<\/li>\n<li>\n<p>Time-based filtering: Traffic filtering can be configured to apply only during specific time periods, providing additional control over network resources.<\/p>\n<\/li>\n<li>\n<p>Optional logging: Administrators can choose to log traffic that matches Extended ACL rules for monitoring and auditing purposes.<\/p>\n<\/li>\n<\/ol>\n<p>Extended ACLs operate top-down, evaluating rules in sequence until a match is found. Once a match occurs, the device performs the action specified in the corresponding rule (permit or deny), and no subsequent rules are evaluated for that particular traffic.<\/p>\n<h2>The internal structure of Extended ACLs<\/h2>\n<p>Extended ACLs typically consist of individual Access Control Entries (ACEs), each of which defines a specific filtering rule. An ACE consists of the following components:<\/p>\n<ul>\n<li>\n<p><strong>Sequence number<\/strong>: A unique identifier for each ACE 
that indicates the order in which the rules are applied.<\/p>\n<\/li>\n<li>\n<p><strong>Action<\/strong>: The action to take when a match occurs, typically expressed as \u201cpermit\u201d or \u201cdeny\u201d.<\/p>\n<\/li>\n<li>\n<p><strong>Protocol<\/strong>: The network protocol to which the rule applies, such as TCP, UDP, or ICMP.<\/p>\n<\/li>\n<li>\n<p><strong>Source address<\/strong>: The source IP address or range to which the rule applies.<\/p>\n<\/li>\n<li>\n<p><strong>Destination address<\/strong>: The destination IP address or range to which the rule applies.<\/p>\n<\/li>\n<li>\n<p><strong>Source port<\/strong>: The source port or port range of the traffic.<\/p>\n<\/li>\n<li>\n<p><strong>Destination port<\/strong>: The destination port or port range of the traffic.<\/p>\n<\/li>\n<li>\n<p><strong>Time range<\/strong>: An optional time restriction during which the rule is active.<\/p>\n<\/li>\n<li>\n<p><strong>Log<\/strong>: An optional flag that enables logging of traffic matching the ACE.<\/p>\n<\/li>\n<\/ul>\n<h2>Analysis of the key features of Extended ACLs<\/h2>\n<p>Extended ACLs provide several key features that make them an essential tool for network administrators:<\/p>\n<ol>\n<li>\n<p><strong>Granular control<\/strong>: With Extended 
ACLs, administrators can precisely define which traffic is permitted and which is denied, resulting in a more secure and efficient network.<\/p>\n<\/li>\n<li>\n<p><strong>Multiple filtering criteria<\/strong>: The ability to filter based on source and destination addresses, port numbers, and protocols provides greater flexibility and adaptability for different network environments.<\/p>\n<\/li>\n<li>\n<p><strong>Logging and monitoring<\/strong>: By enabling logging, network administrators can gain insight into traffic patterns and identify potential security threats or network performance issues.<\/p>\n<\/li>\n<li>\n<p><strong>Time-based filtering<\/strong>: The ability to apply filtering rules during specific time periods lets administrators manage network access more effectively during peak and off-peak hours.<\/p>\n<\/li>\n<\/ol>\n<h2>Types of Extended ACLs<\/h2>\n<p>Extended ACLs are commonly categorized by the protocol they filter or the direction in which they are applied. The most common types include:<\/p>\n<h3>1. IP-based Extended ACLs<\/h3>\n<p>These ACLs filter traffic based on source and destination IP addresses. IP-based ACLs are typically used to control general network access and can be applied on both inbound and outbound interfaces.<\/p>\n<h3>2. 
TCP\/UDP-based Extended ACLs<\/h3>\n<p>These ACLs filter traffic based on the TCP or UDP protocol together with specific source and destination port numbers. TCP\/UDP-based ACLs are well suited to controlling access to specific services or applications.<\/p>\n<h3>3. Time-based Extended ACLs<\/h3>\n<p>Time-based ACLs allow filtering based on a predefined time range, ensuring that certain rules are enforced only during specified time periods.<\/p>\n<h3>4. Reflexive Extended ACLs<\/h3>\n<p>Reflexive ACLs, also known as \u201cestablished\u201d ACLs, dynamically allow return traffic associated with outbound connections initiated by internal hosts.<\/p>\n<h3>5. Named Extended ACLs<\/h3>\n<p>Named ACLs provide a way to assign descriptive names to access lists, making them easier to manage and understand.<\/p>\n<h2>Ways to use Extended ACLs, problems, and solutions<\/h2>\n<p>Extended ACLs have many practical applications in network management, security, and traffic control:<\/p>\n<ol>\n<li>\n<p><strong>Traffic filtering<\/strong>: Extended ACLs 
allow administrators to filter unwanted or malicious traffic entering or leaving the network, thereby enhancing security.<\/p>\n<\/li>\n<li>\n<p><strong>Firewall rules<\/strong>: Proxy servers and firewalls often work together to control and filter traffic. Extended ACLs enable administrators to set firewall rules that restrict access to certain websites or services.<\/p>\n<\/li>\n<li>\n<p><strong>Quality of Service (QoS)<\/strong>: By using Extended ACLs to prioritize specific traffic, administrators can ensure that critical applications receive the necessary bandwidth and quality of service.<\/p>\n<\/li>\n<li>\n<p><strong>Network Address Translation (NAT)<\/strong>: Extended ACLs are useful in NAT configurations to control which internal IP addresses are translated to specific public IP addresses.<\/p>\n<\/li>\n<\/ol>\n<p>However, using Extended ACLs may present some challenges, such as:<\/p>\n<ul>\n<li>\n<p><strong>Complexity<\/strong>: As networks grow, managing and maintaining Extended ACLs can become complex and time-consuming.<\/p>\n<\/li>\n<li>\n<p><strong>Potential for errors<\/strong>: Human error when configuring ACLs 
can lead to unintended security vulnerabilities or network outages.<\/p>\n<\/li>\n<\/ul>\n<p>To address these issues, administrators should follow best practices such as documenting ACL configurations, using descriptive names for ACLs, and testing changes in a controlled environment before deployment.<\/p>\n<h2>Main characteristics and comparison with similar terms<\/h2>\n<p>Let's compare Extended ACLs with standard ACLs and some related terms:<\/p>\n<table>\n<thead>\n<tr>\n<th>Criteria<\/th>\n<th>Extended ACLs<\/th>\n<th>Standard ACLs<\/th>\n<th>Firewalls<\/th>\n<\/tr>\n<\/thead>\n<tbody>\n<tr>\n<td>Filtering criteria<\/td>\n<td>IP addresses, protocols, ports, time ranges<\/td>\n<td>IP addresses<\/td>\n<td>IP addresses, ports, application signatures<\/td>\n<\/tr>\n<tr>\n<td>Flexibility<\/td>\n<td>High<\/td>\n<td>Limited<\/td>\n<td>Moderate to high<\/td>\n<\/tr>\n<tr>\n<td>Granularity<\/td>\n<td>Fine-grained<\/td>\n<td>Coarse<\/td>\n<td>Moderate<\/td>\n<\/tr>\n<tr>\n<td>Use cases<\/td>\n<td>Complex network environments<\/td>\n<td>Small networks, basic filtering<\/td>\n<td>Network security and access control<\/td>\n<\/tr>\n<\/tbody>\n<\/table>\n<h2>Future perspectives and technologies related to Extended ACLs<\/h2>\n<p>The future of Extended ACLs 
is closely tied to the ongoing development of networking technologies and security measures. Some potential advancements include:<\/p>\n<ol>\n<li>\n<p><strong>Automation<\/strong>: The growing complexity of networks calls for more automated solutions. AI-driven tools may be adopted to help generate and manage Extended ACLs efficiently.<\/p>\n<\/li>\n<li>\n<p><strong>Deep Packet Inspection (DPI)<\/strong>: DPI technologies continue to evolve, making Extended ACLs more sophisticated in identifying and controlling various applications and protocols.<\/p>\n<\/li>\n<li>\n<p><strong>Zero trust networking<\/strong>: As the zero trust concept gains popularity, Extended ACLs can be used to implement granular access control and segmentation within networks.<\/p>\n<\/li>\n<\/ol>\n<h2>How proxy servers can be used or associated with Extended ACLs<\/h2>\n<p>Proxy servers, such as OneProxy (oneproxy.pro), play an important role in enhancing the security, privacy, and performance of users' internet access. When integrated with Extended ACLs, proxy servers can provide additional benefits:<\/p>\n<ol>\n<li>\n<p><strong>Content filtering<\/strong>: Extended 
ACLs can be applied on proxy servers to restrict access to specific websites or content categories, improving compliance and security.<\/p>\n<\/li>\n<li>\n<p><strong>Malware protection<\/strong>: By combining Extended ACLs with proxy server capabilities, administrators can block access to known malicious sites and prevent malware from reaching clients.<\/p>\n<\/li>\n<li>\n<p><strong>Anonymity and privacy<\/strong>: Proxy servers can help users stay anonymous online, while Extended ACLs add an extra layer of security and control over the data being transmitted.<\/p>\n<\/li>\n<\/ol>\n<h2>Related links<\/h2>\n<p>For more information about Extended ACLs, you can refer to the following resources:<\/p>\n<ol>\n<li>\n<p>Cisco Documentation: <a href=\"https:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/security\/ios-firewall\/23602-confaccesslists.html\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/security\/ios-firewall\/23602-confaccesslists.html<\/a><\/p>\n<\/li>\n<li>\n<p>Juniper Networks Documentation: <a href=\"https:\/\/www.juniper.net\/documentation\/en_US\/junos\/topics\/topic-map\/security-acls.html\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/www.juniper.net\/documentation\/en_US\/junos\/topics\/topic-map\/security-acls.html<\/a><\/p>\n<\/li>\n<li>\n<p>TechTarget Network Security: <a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/access-control-list\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/searchsecurity.techtarget.com\/definition\/access-control-list<\/a><\/p>\n<\/li>\n<li>\n<p>IETF RFC 
3550: <a href=\"https:\/\/tools.ietf.org\/html\/rfc3550\" target=\"_new\" rel=\"noopener nofollow\">https:\/\/tools.ietf.org\/html\/rfc3550<\/a><\/p>\n<\/li>\n<\/ol>\n<p>By understanding and effectively using Extended ACLs, network administrators and proxy server providers can strengthen their security infrastructure, ensure better traffic management, and improve overall network performance.<\/p>","protected":false},"featured_media":477161,"menu_order":0,"template":"","meta":{"_acf_changed":false,"content-type":"","inline_featured_image":false,"footnotes":""},"class_list":["post-477160","wiki","type-wiki","status-publish","has-post-thumbnail","hentry"],"acf":{"faq_title":"Frequently Asked Questions about <mark>Extended ACLs: Enhancing Proxy Server Security and Control<\/mark>","faq_items":[{"question":"<strong>What are Extended ACLs, and how do they differ from standard ACLs?<\/strong>","answer":"<p>Extended ACLs, or Extended Access Control Lists, are powerful network filtering mechanisms used in routers, switches, and proxy servers. They allow administrators to control traffic based on various criteria like source\/destination IP addresses, port numbers, and protocols. The key difference between Extended and standard ACLs is that Extended ACLs offer more granularity and flexibility in traffic filtering, enabling a finer level of control over network access.<\/p>"},{"question":"<strong>Where did Extended ACLs originate, and when were they first introduced?<\/strong>","answer":"<p>Extended ACLs were developed to address the limitations of standard ACLs as networks grew in complexity. Cisco introduced the concept of Extended ACLs in their IOS documentation to cater to the demands of larger and more intricate networks. 
Over time, Extended ACLs gained popularity and were adopted by various other networking vendors.<\/p>"},{"question":"<strong>How do Extended ACLs work internally, and what is the structure of an ACL entry?<\/strong>","answer":"<p>Extended ACLs operate at the network layer (Layer 3) and consist of individual Access Control Entries (ACEs). Each ACE comprises a sequence number, action (permit\/deny), protocol type, source and destination IP addresses, port numbers, optional time range, and a logging flag. When network traffic passes through an Extended ACL, it is evaluated against the ACEs sequentially until a match is found. The specified action is then applied to the traffic.<\/p>"},{"question":"<strong>What are the key features of Extended ACLs that make them essential for network management?<\/strong>","answer":"<p>Extended ACLs offer several important features, including fine-grained control over traffic, multiple filtering criteria (IP addresses, ports, protocols), time-based filtering, and optional logging for monitoring. These features empower administrators to establish precise traffic policies, enhance security, and prioritize critical applications.<\/p>"},{"question":"<strong>What types of Extended ACLs exist, and how are they categorized?<\/strong>","answer":"<p>Extended ACLs can be categorized based on their filtering criteria and application direction. 
Common types include IP-based Extended ACLs (filtering based on IP addresses), TCP\/UDP-based Extended ACLs (filtering based on port numbers and protocols), time-based Extended ACLs (applying filters during specific time ranges), reflexive Extended ACLs (dynamically allowing return traffic), and named Extended ACLs (descriptive names for access lists).<\/p>"},{"question":"<strong>How can Extended ACLs be used, and what problems may arise when implementing them?<\/strong>","answer":"<p>Extended ACLs have various applications, such as traffic filtering, firewall rules, quality of service, and network address translation. However, their complexity may pose challenges in managing larger networks, and human errors during configuration could lead to unintended security vulnerabilities or disruptions. Best practices include proper documentation, using descriptive names, and testing changes before deployment.<\/p>"},{"question":"<strong>How do Extended ACLs compare to other network security terms like standard ACLs and firewalls?<\/strong>","answer":"<p>Compared to standard ACLs, Extended ACLs offer greater flexibility and granularity in filtering criteria. Firewalls, on the other hand, use a combination of IP addresses, ports, and application signatures for access control. Extended ACLs are ideal for more complex network environments, whereas standard ACLs suit smaller networks with basic filtering requirements.<\/p>"},{"question":"<strong>What can we expect for the future of Extended ACLs and related networking technologies?<\/strong>","answer":"<p>The future of Extended ACLs is likely to involve increased automation, advanced Deep Packet Inspection (DPI) technologies, and integration with the concept of zero trust networking. 
These advancements will further enhance network security and performance.<\/p>"},{"question":"<strong>How are proxy servers associated with Extended ACLs, and what benefits do they offer?<\/strong>","answer":"<p>Proxy servers like OneProxy (oneproxy.pro) can enhance security, privacy, and performance for internet users. When integrated with Extended ACLs, proxy servers can provide content filtering, malware protection, and anonymous browsing, adding an extra layer of security and control for users.<\/p>"},{"question":"<strong>Where can I find more information about Extended ACLs?<\/strong>","answer":"<p>For more in-depth information about Extended ACLs, you can refer to resources like Cisco Documentation (<a href=\"https:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/security\/ios-firewall\/23602-confaccesslists.html\" target=\"_new\">https:\/\/www.cisco.com\/c\/en\/us\/support\/docs\/security\/ios-firewall\/23602-confaccesslists.html<\/a>), Juniper Networks Documentation, TechTarget Network Security (<a href=\"https:\/\/searchsecurity.techtarget.com\/definition\/access-control-list\" target=\"_new\">https:\/\/searchsecurity.techtarget.com\/definition\/access-control-list<\/a>), and IETF RFC 3550 (<a href=\"https:\/\/tools.ietf.org\/html\/rfc3550\" 
target=\"_new\">https:\/\/tools.ietf.org\/html\/rfc3550<\/a>).<\/p>"}]},"_links":{"self":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/477160","targetHints":{"allow":["GET"]}}],"collection":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki"}],"about":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/types\/wiki"}],"version-history":[{"count":0,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/wiki\/477160\/revisions"}],"wp:featuredmedia":[{"embeddable":true,"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media\/477161"}],"wp:attachment":[{"href":"https:\/\/oneproxy.pro\/cn\/wp-json\/wp\/v2\/media?parent=477160"}],"curies":[{"name":"wp","href":"https:\/\/api.w.org\/{rel}","templated":true}]}}