The rule anti-nested-rdc command configures a check rule for the function to deny double-hop remote desktop. If the FW detects that a program matching the rule is running on a terminal, the terminal fails to access the network.
The undo rule anti-nested-rdc command deletes a check rule for the function to deny double-hop remote desktop.
rule rule-name anti-nested-rdc { md5 md5-value | sha256 sha256-value | port port-number | win-name win-name }
undo rule rule-name anti-nested-rdc { md5 md5-value | sha256 sha256-value | port port-number | win-name win-name }
| Parameter | Description | Value |
|---|---|---|
| rule-name | Specifies the name of a rule. | The value is a string of 1 to 63 case-sensitive characters. |
| md5 md5-value | Specifies an MD5 value for the remote sharing program. | The value is a string of 32 case-insensitive characters, which can be digits (0 to 9) or letters (a to f or A to F). |
| sha256 sha256-value | Specifies an SHA256 value for the remote sharing program. | The value is a string of 64 case-insensitive characters, which can be digits (0 to 9) or letters (a to f or A to F). |
| port port-number | Specifies a port number for the remote sharing program. | The value is a string of 1 to 15 characters. |
| win-name win-name | Specifies a window name for the remote sharing program. | The value is a string of 1 to 127 case-sensitive characters. |
Before running the rule anti-nested-rdc command, run the rule type command to add a rule for a host check policy.
A program or file can be renamed. Once it is renamed, the original name authentication method becomes invalid. In this case, SHA256 or MD5 authentication is recommended. An SHA256 or MD5 value uniquely identifies a program or file. A rule supports a maximum of five verification values.
# Configure a check rule for the function to deny double-hop remote desktop to prevent the program with the port number of 634 from running.
<sysname> system-view
[sysname] v-gateway abc
[sysname-abc] hostchecker
[sysname-abc-hostchecker] eps-policy policy1
[sysname-abc-hostchecker-policy1] rule rule1 type anti-nested-rdc
[sysname-abc-hostchecker-policy1] rule rule1 anti-nested-rdc port 634
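The following Python helper is an added example, not part of the product documentation: it hashes a remote sharing program's binary and emits the rule lines shown above, checking each value against the limits in the parameter table first. The function names (`file_digest`, `check_value`, `build_rule_commands`) are hypothetical, and it assumes one verification value per command line, as in the example above.

```python
import hashlib
import re

MAX_VALUES_PER_RULE = 5  # "A rule supports a maximum of five verification values"
HEX = {"md5": 32, "sha256": 64}  # required hex-digit count per keyword
MAX_LEN = {"port": 15, "win-name": 127}  # string length limits from the table


def file_digest(path, algo="sha256"):
    """Hash a program file in chunks so large binaries are not loaded whole."""
    h = hashlib.new(algo)
    with open(path, "rb") as f:
        for chunk in iter(lambda: f.read(65536), b""):
            h.update(chunk)
    return h.hexdigest()


def check_value(keyword, value):
    """Validate one verification value against the parameter table."""
    if keyword in HEX:
        if not re.fullmatch(r"[0-9a-fA-F]{%d}" % HEX[keyword], value):
            raise ValueError(f"{keyword} needs {HEX[keyword]} hex characters")
    elif keyword in MAX_LEN:
        if not 1 <= len(value) <= MAX_LEN[keyword]:
            raise ValueError(f"{keyword} must be 1 to {MAX_LEN[keyword]} characters")
    else:
        raise ValueError(f"unknown keyword: {keyword}")


def build_rule_commands(rule_name, values):
    """Return CLI lines for a list of (keyword, value) pairs."""
    if not 1 <= len(rule_name) <= 63:
        raise ValueError("rule-name must be 1 to 63 characters")
    if len(values) > MAX_VALUES_PER_RULE:
        raise ValueError("a rule supports at most five verification values")
    lines = [f"rule {rule_name} type anti-nested-rdc"]
    for keyword, value in values:
        check_value(keyword, value)
        lines.append(f"rule {rule_name} anti-nested-rdc {keyword} {value}")
    return lines


if __name__ == "__main__":
    import os, tempfile
    # Constructed stand-in for a remote sharing program binary.
    with tempfile.NamedTemporaryFile(delete=False) as tmp:
        tmp.write(b"constructed sample binary")
    digest = file_digest(tmp.name)
    os.unlink(tmp.name)
    print("\n".join(build_rule_commands("rule1", [("sha256", digest), ("port", "634")])))
```

When both hash types are available for a program, SHA256 is the stronger choice, because MD5 collisions are practical to construct.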