# Configure Modular Policy Framework on Pix ###### tags: `cisco` `pix` Pix image: pix704.bin ### configuration steps: ``` [1]. Create a class map (traffic class) [2]. Define class map matches [3]. Create a policy map [4]. Assign traffic classes to the policy map [5]. Assign policies for each class. [6]. Assign policies to an interface ``` ### sample configuration ``` pixfirewall(config)# class-map http1 pixfirewall(config-cmap)# match port tcp eq 80 pixfirewall(config-cmap)# exit pixfirewall(config)# policy-map outside1 pixfirewall(config-pmap)# class http1 pixfirewall(config-pmap-c)#police 64000 1000 conform-action transmit exceed-action drop pixfirewall(config-pmap-c)#service-policy outside1 interface outside pixfirewall(config)#show run policy-map pixfirewall(config)# sh run policy-map ! policy-map outside1 class http1 police 64000 1000 pixfirewall(config)#sh run class-map ! class-map http1 match port tcp eq www ! pixfirewall(config)#sh service-policy Interface outside: Service-policy: outside1 Class-map: http1 police Interface outside: cir 64000 bps, bc 1000 bytes conformed 0 packets, 0 bytes; actions: transmit exceeded 0 packets, 0 bytes; actions: drop conformed 0 bps, exceed 0 bps Inspect: http, packet 0, drop 0, reset-drop 0 pixfirewall(config)#sh run service-policy service-policy outside1 interface outside pixfirewall(config)# ```