From: Kemal Yildirim (Netron) (Kemal.Yildirim@netron.com.tr)
Date: Fri Mar 24 2006 - 04:47:50 GMT-3
The class-map is the point where you choose the traffic you want to work
with. After choosing the criteria, you need to apply an action to the
traffic that matches them.

The first class-map selects the "worm code" and applies a drop action.
The second one selects everything EXCEPT the "worm code" and then
applies nothing, i.e. the transmit action.

But beware that there is another class, the class-default, under every
policy-map.
This means your little worms may have a way into your network.

Think in a straight way: choose what you want to drop and apply a drop
action; all the other traffic has the default action, transmit, under
class-default.

But you may use this kind of reverse logic in QoS applications.

I hope this helps.
Regards,
Kemal
-----Original Message-----
From: nobody@groupstudy.com [mailto:nobody@groupstudy.com] On Behalf Of
Aristomenis Zikopoulos
Sent: Friday, March 24, 2006 9:06 AM
To: nobody@groupstudy.com
Cc: ccielab@groupstudy.com
Subject: FW: difference between "match not" & "drop"
Hello,
Please, can someone tell me the difference between the following?
--------------
class-map match-all ROOT_EXPLOIT
 match protocol http url "*root.exe*"
!
policy-map BB2_IN
 class ROOT_EXPLOIT
  drop
-----------------
and
-----------
class-map match-all ROOT_EXPLOIT
 match not protocol http url "*root.exe*"
!
policy-map BB2_IN
 class ROOT_EXPLOIT
----------------------------
Best Regards,
Aris
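
The difference discussed in this thread, worked through as an added example that is not part of the original messages and is not Cisco code. It is a simplified Python model of first-match policy-map evaluation with the implicit class-default; URL matching is approximated with glob patterns, and the sample URLs are constructed.

```python
# Added illustration: a simplified model of MQC first-match classification.
# It is not Cisco code; NBAR URL matching is approximated with fnmatch globs.
from fnmatch import fnmatchcase

CLASS_DEFAULT = "class-default"  # implicit last class in every policy-map


def class_matches(url, pattern, negate):
    """One 'match [not] protocol http url <pattern>' statement."""
    hit = fnmatchcase(url, pattern)
    return not hit if negate else hit


def evaluate(policy, url):
    """Return (class_name, action) for the first class that matches.

    policy is an ordered list of (class_name, pattern, negate, action);
    action None means no action is configured, so the packet is transmitted.
    """
    for name, pattern, negate, action in policy:
        if class_matches(url, pattern, negate):
            return name, action or "transmit"
    # Nothing matched: the packet lands in class-default, which transmits.
    return CLASS_DEFAULT, "transmit"


# The two policies from the question.
MATCH_AND_DROP = [("ROOT_EXPLOIT", "*root.exe*", False, "drop")]
MATCH_NOT_NO_ACTION = [("ROOT_EXPLOIT", "*root.exe*", True, None)]

# Constructed sample request URLs.
SAMPLE_URLS = ["/scripts/root.exe", "/index.html"]


def verdicts(policy):
    """Map each sample URL to the (class, action) the policy gives it."""
    return {url: evaluate(policy, url) for url in SAMPLE_URLS}


if __name__ == "__main__":
    for label, policy in (("match + drop", MATCH_AND_DROP),
                          ("match not, no action", MATCH_NOT_NO_ACTION)):
        print(label)
        for url, (cls, action) in verdicts(policy).items():
            print(f"  {url:20} -> {cls:13} {action}")
```

With the second policy no URL ever receives a drop verdict: ordinary requests match ROOT_EXPLOIT with no action, and the root.exe request falls through to class-default.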
This archive was generated by hypermail 2.1.4 : Sat Apr 01 2006 - 10:07:40 GMT-3