我想审核一个screenOS瞻博networking防火墙。 我已经提供了configuration文件,但我不熟悉语法。 我想知道“退出”命令。
在configuration文件中,大多数策略后面跟着一个或两个附加的命令和一个退出语句:
[...] set policy id <id1> name "<name1>" from "<zone1>" to "<zone2>" "<address1>" "<address2>" "<service1>" permit log set policy id <id1> exit set policy id <id2> name "<name2>" from "<zone1>" to "<zone2>" "<address1>" "<address2>" "<service2>" permit log set policy id <id2> set service "<service3>" set service "<service4>" set service "<service5>" set service "<service6>" exit [...] 我应该如何解释呢? 如果退出声明组策略在一起,那么只有冗余信息。 策略ID已经在上面的行中设置。 下线的服务3,4,5,6已经包含在服务2中。
退出语句不仅在set policy语句后出现。
Juniper ScreenOSconfiguration文件只是一个很长的CLI命令列表。 如果我们在每一行的开头添加提示, exit的目的就变得更加清晰:
[...] device-> set policy id <id1> name "<name1>" from "<zone1>" to "<zone2>" "<address1>" "<address2>" "<service1>" permit log device-> set policy id <id1> device(policy:<id1>)-> exit device-> set policy id <id2> name "<name2>" from "<zone1>" to "<zone2>" "<address1>" "<address2>" "<service2>" permit log device-> set policy id <id2> device(policy:<id2>)-> set service "<service3>" device(policy:<id2>)-> set service "<service4>" device(policy:<id2>)-> set service "<service5>" device(policy:<id2>)-> set service "<service6>" device(policy:<id2>)-> exit [...] device-> save