Example configuration of routers Rb and Rc according to section 8.5 of the report (figure 9)
Computer D in figure 9 is connected to the same LAN segment as Ra and Rb (the so-called LAN-DMZ, which forms the boundary between the Internet operator and the agency).
The configuration is described first in a "high-level language" and then in Cisco's configuration language.
Comment lines begin with !
!;As comments, a description of the access lists in a higher-level language
!;than the real configs.
!;
!; Agency 193.0.1.0/24, Computer A 193.0.1.1
!; Rc-Computer B 193.0.2.0/24, Computer B 193.0.2.1
!; Rb-Computer B 193.0.3.0/24, Computer B 193.0.3.1
!; DMZ (Rb-Ra) 193.0.4.0/24, Computer D 193.0.4.1 (NNTP host)
!; NTP servers 192.36.143.150, 192.36.143.2
!; Ref. figure 9 per section 8.5
!;
!; multicast 224.0.0.0 15.255.255.255
!; loopback 127.0.0.0 0.255.255.255
!;
!; Figure 9 with dual router firewall (Rb & Rc)
!;output access list from Rb towards computer B
!;list 150
!deny ip multicast any
!deny ip loopback any
!deny ip B any
!deny ip company any
!permit tcp any B established
!permit tcp any B eq dns
!permit udp any B eq dns
!permit udp ntp-peers B eq ntp
!permit tcp any B eq www
!permit tcp any B eq smtp
!permit tcp any B eq gopher
!permit tcp nntp-peers B eq nntp
!permit tcp any B gt 1023
!
!;output interface from Rb towards DMZ
!;list 151
!permit tcp B any established
!permit udp B ntp-peers eq ntp
!permit udp B any eq dns
!permit tcp B any eq dns
!permit tcp B any eq smtp
!permit tcp B any eq www
!permit tcp B any gt 1023
!permit tcp B external-nntp eq nntp
!
!-----------------------------------------------------------
!
!The configuration of Rb, written in Cisco's
!configuration language, begins here
!
!-----------------------------------------------------------
version 10.3
no service finger
no service pad
service timestamps debug uptime
service password-encryption
no service tcp-small-servers
!
hostname rb
!
boot system flash
enable password 7 060506324F41
!
no ip source-route
!
interface Ethernet0
 description ethernet till dator B
 ip address 193.0.3.254 255.255.255.0
 ip access-group 150 out
 no ip redirects
 no ip proxy-arp
!
interface Ethernet1
 description ethernet till DMZ och router Ra
 ip address 193.0.4.253 255.255.255.0
 ip access-group 151 out
 no ip redirects
 no ip proxy-arp
 bandwidth 64
!
router rip
 network 193.0.1.0
 redist static
 default-metric 1
 distance 240
!
ip domain-name Myndigheten.Se
ip name-server 192.36.143.3
ip route 0.0.0.0 0.0.0.0 193.0.4.254
!
access-list 150 deny ip 224.0.0.0 15.255.255.255 any
access-list 150 deny ip 127.0.0.0 0.255.255.255 any
access-list 150 deny ip host 193.0.3.1 any
access-list 150 deny ip 193.0.2.0 0.0.0.255 any
access-list 150 deny ip 193.0.1.0 0.0.0.255 any
access-list 150 permit tcp any host 193.0.3.1 established
access-list 150 permit tcp any host 193.0.3.1 eq domain
access-list 150 permit udp any host 193.0.3.1 eq domain
access-list 150 permit udp host 192.36.143.150 host 193.0.3.1 eq ntp
access-list 150 permit udp host 192.36.143.2 host 193.0.3.1 eq ntp
access-list 150 permit tcp any host 193.0.3.1 eq www
access-list 150 permit tcp any host 193.0.3.1 eq smtp
access-list 150 permit tcp any host 193.0.3.1 eq gopher
access-list 150 permit tcp host 193.0.4.1 host 193.0.3.1 eq nntp
access-list 150 permit tcp any host 193.0.3.1 gt 1023
access-list 151 permit tcp host 193.0.3.1 any established
access-list 151 permit udp host 193.0.3.1 host 192.36.143.150 eq ntp
access-list 151 permit udp host 193.0.3.1 host 192.36.143.2 eq ntp
access-list 151 permit udp host 193.0.3.1 any eq domain
access-list 151 permit tcp host 193.0.3.1 any eq domain
access-list 151 permit tcp host 193.0.3.1 any eq smtp
access-list 151 permit tcp host 193.0.3.1 any eq www
access-list 151 permit tcp host 193.0.3.1 any gt 1023
access-list 151 permit tcp host 193.0.3.1 host 193.0.4.1 eq nntp
!
line con 0
 password 7 045802150C2E
 login
!
end
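
An added example, not part of the original report: a small Python evaluator that replays packets against access-list 150 to check it against the high-level description (first matching entry wins, unmatched traffic is dropped). The parser handles only the syntax forms used in this list; the function names, the sample packets and the outside address 198.51.100.7 are constructed for illustration.

```python
import re
from ipaddress import IPv4Address as IP

ACL_150 = """\
access-list 150 deny ip 224.0.0.0 15.255.255.255 any
access-list 150 deny ip 127.0.0.0 0.255.255.255 any
access-list 150 deny ip host 193.0.3.1 any
access-list 150 deny ip 193.0.2.0 0.0.0.255 any
access-list 150 deny ip 193.0.1.0 0.0.0.255 any
access-list 150 permit tcp any host 193.0.3.1 established
access-list 150 permit tcp any host 193.0.3.1 eq domain
access-list 150 permit udp any host 193.0.3.1 eq domain
access-list 150 permit udp host 192.36.143.150 host 193.0.3.1 eq ntp
access-list 150 permit udp host 192.36.143.2 host 193.0.3.1 eq ntp
access-list 150 permit tcp any host 193.0.3.1 eq www
access-list 150 permit tcp any host 193.0.3.1 eq smtp
access-list 150 permit tcp any host 193.0.3.1 eq gopher
access-list 150 permit tcp host 193.0.4.1 host 193.0.3.1 eq nntp
access-list 150 permit tcp any host 193.0.3.1 gt 1023
"""  # access-list 150 copied from the page (Rb, outbound towards computer B)
PORTS = {"domain": 53, "ntp": 123, "www": 80, "smtp": 25, "gopher": 70, "nntp": 119}

def parse(text):
    """Return (action, proto, src, src_wild, dst, dst_wild, options) per entry."""
    # Normalise the shorthands 'any' and 'host A' to the 'address wildcard' form.
    text = re.sub(r"\bhost (\S+)", r"\1 0.0.0.0", text.replace(" any", " 0.0.0.0 255.255.255.255"))
    rules = []
    for t in map(str.split, text.splitlines()):
        rules.append((t[2], t[3], *(int(IP(a)) for a in t[4:8]), t[8:]))
    return rules

def evaluate(rules, proto, src, dst, dport=None, established=False):
    """First matching entry wins. established=True means ACK or RST is set."""
    s, d = int(IP(src)), int(IP(dst))
    for action, rproto, sb, sw, db, dw, opt in rules:
        kind = opt[0] if opt else None
        if (rproto in ("ip", proto) and (s | sw) == (sb | sw) and (d | dw) == (db | dw)
                and (kind != "established" or established)
                and (kind != "eq" or dport == int(PORTS.get(opt[1], opt[1])))
                and (kind != "gt" or (dport is not None and dport > int(opt[1])))):
            return action
    return "deny"  # implicit deny that ends every Cisco access list

if __name__ == "__main__":  # constructed packets: (proto, src, dst, dport)
    for pkt in [("tcp", "198.51.100.7", "193.0.3.1", 25), ("tcp", "198.51.100.7", "193.0.3.1", 23),
                ("tcp", "193.0.1.5", "193.0.3.1", 80), ("tcp", "198.51.100.7", "193.0.3.1", 6000)]:
        print(pkt, "->", evaluate(parse(ACL_150), *pkt))
```

The last sample shows that the final `gt 1023` entry admits new TCP connections to high ports on computer B, not only return traffic, which is worth reviewing against the services running on that host.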