These ACLs are to block virus attack (这些访问控制列表要堵塞病毒攻击)
 You need to make sure all your expected network service are not blocked by these ACLs
(你需要确定你的需要的网络服务中不备访问控制列表要堵塞)
These ACLs' precedence are within 1001 ~ 1500(访问控制列表优先在1001-1500)
SQL Slammer/MS-SQL Server Worm(病毒)
create access-list udp1434-d-de udp destination any ip-port 1434 source any
 ip-port any deny ports any precedence 1001(创建数据列表为udp1434-d-de，凡是
来源于1434端口的数据包都优先于1001)
W32/Blaster worm (病毒)
create access-list udp69-d-de udp destination any ip-port 69 source any ip-port
 any deny ports any precedence 1011(创建数据列表为udp69-d-de udp，凡是来源于69
端口的数据包都优先于1011)
create access-list udp135-d-de udp destination any ip-port 135 source any ip-port
 any deny ports any precedence 1013(创建数据列表为udp135-d-de udp，凡是来源于135
端口的数据包都优先于1013)

system-guard detect-maxnum 5 (设置当前最大可检测的染毒主机数目5台)
system-guard detect-threshold IP-record-threshold record-times-threshold isolate-time
(该命令可以设置地址学习数目的上限、重复检测次数的上限和隔离时间。)