acl name anti_worm advanced rule 0 deny udp destination-port eq tftp rule 1 deny tcp destination-port eq 135 rule 2 deny udp destination-port eq 135 rule 3 deny udp destination-port eq 137 rule 4 deny udp destination-port eq 138 rule 5 deny tcp destination-port eq 139 rule 6 deny udp destination-port eq netbios-ssn rule 7 deny tcp destination-port eq 445 rule 8 deny udp destination-port eq 445 rule 9 deny tcp destination-port eq 539 rule 10 deny udp destination-port eq 539 rule 11 deny tcp destination-port eq 593 rule 12 deny udp destination-port eq 593 rule 13 deny udp destination-port eq 1434 rule 14 deny tcp destination-port eq 4444 acl name anti_icmp advanced rule 0 deny icmp The above rules are globally distributed on the chip in the not-carefor-interface mode, for example: int e1/0/1 packet-filter inbound ip-group anti_worm not-care-for-interface packet-filter inbound ip-group anti_icmp not-care-for-interface int e2/0/1 packet-filter inbound ip-group anti_worm not-care-for-interface packet-filter inbound ip-group anti_icmp not-care-for-interface int e2/0/48 packet-filter inbound ip-group anti_worm not-care-for-interface packet-filter inbound ip-group anti_icmp not-care-for-interface |