用ACL封堵pplive的方法探讨

　　经过测试以下方法对pplive 1.8及其以下版本完全有效。此方法在任何cisco router和支持访问控制列表功能的路由器上均有效，而且只需要基本版的IOS，不需要NBAR或者其他高级功能的支持。可以说是一个解决pplive 的大众版的解决方法。至于在前两个帖子里，有同仁提到的用Qos或者更好的方法解决各种p2p软件的问题，我这里做简单的回答。

　　1.BT 可以用Cisco的NBAR来解决，如果没有NBAR，则可以在路由器上建立IOS Firewall，因为在Firewall后的BT连接速度较慢，对网络影响不大。

　　2.电骡 emule 可以用Cisco的NBAR来解决，如果没有NBAR，则可以在路由器上建立IOS Firewall，因为在Firewall后的eMule连接速度较慢，对网络影响不大。

　　3.MSN Yahoo Messager QQ AOL等聊天软件，可以用NBAR和Access－list的方法来封堵

　　4.pplive ppstream等p2p视频软件，支持对这些软件的Qos功能的，在Cisco只有Cisco Service Control Application 支持，但是价格很贵，2x万左右，一般都是ISP或者大型校园网才会采用。

　　如果想对本帖的原理有兴趣，可以参见这两个帖子，如果没有兴趣，直接Ctrl－C，Ctrl－V即可。

　　以下是访问控制列表：

ip access-list extended deny-ppliveremark pplive-type-I-udp-8000deny ip any host 60.191.100.15deny ip any host 60.209.6.12deny ip any host 202.108.45.18deny ip any host 58.211.1.210deny ip any host 202.112.20.105remark pplive-type-I-httpdeny ip any host 60.191.100.16deny ip any host 202.108.45.19deny ip any host 202.112.20.106remark pplive-type-II-udp-8000deny ip any host 58.211.1.207deny ip any host 219.228.16.7deny ip any host 60.209.6.15remark pplive-type-II-httpdeny ip any host 60.209.6.16deny ip any host 219.228.16.8deny ip any host 58.211.1.214remark pplive-type-III-udp-8000deny ip any host 202.108.45.20deny ip any host 60.191.100.13deny ip any host 58.211.1.205deny ip any host 219.228.16.2deny ip any host 60.209.126.138remark pplive-type-III-httpdeny ip any host 60.191.100.14deny ip any host 219.228.16.3deny ip any host 60.209.126.131remark pplive-type-IV-udp-8000deny ip any host 58.211.1.209deny ip any host 58.211.1.205deny ip any host 202.108.45.20deny ip any host 219.228.16.2deny ip any host 60.209.6.13remark pplive-type-IV-httpdeny ip any host 219.228.16.3deny ip any host 60.209.6.14deny ip any host 58.211.1.216remark pp.pplive.comdeny ip any host 58.221.247.94deny ip any host 58.221.247.92deny ip any host 58.221.247.93deny ip any host 58.211.136.153deny ip any host 58.211.136.154remark update.pplive.comdeny ip any host 61.153.180.178deny ip any host 61.153.180.179deny ip any host 61.153.180.180deny ip any host 61.178.92.134deny ip any host 61.128.110.184deny ip any host 61.128.110.185deny ip any host 61.132.255.72remark list.pplive.comdeny ip any host 124.74.194.162remark passport.pplive.comdeny ip any host 58.221.247.92deny ip any host 58.221.247.93deny ip any host 58.221.247.94remark www.pplive.comdeny ip any host 58.221.247.94deny ip any host 58.221.247.92deny ip any host 58.221.247.93deny ip any host 58.211.136.153deny ip any host 58.211.136.154remark res.pplive.comdeny ip any host 58.221.247.92deny ip any host 58.221.247.93deny ip any host 58.221.247.94remark p1.pplive.comdeny ip any host 61.163.183.74remark p2.pplive.comdeny ip any host 58.240.223.85remark p3.pplive.comdeny ip any host 60.191.100.15remark p4.pplive.comdeny ip any host 202.108.45.33remark pp1.pplive.comdeny ip any host 61.178.92.133deny ip any host 202.107.208.124deny ip any host 58.211.1.233remark pp2.pplive.comdeny ip any host 58.221.247.94deny ip any host 58.221.247.92deny ip any host 58.221.247.93deny ip any host 58.211.136.153deny ip any host 58.211.136.154remark pp3.pplive.comdeny ip any host 211.152.45.123remark pp4.pplive.comdeny ip any host 211.152.45.98deny ip any host 211.152.45.99remark p5-X&pp5-ppX.pplive.comdeny ip any host 218.83.175.154remark permit-other-packetpermit ip any any