Re: [nsp] some filter questions

From: Fredrik Widell (frwi@global-ip.net)
Date: Fri Feb 13 1998 - 03:03:05 EST


On Fri, 13 Feb 1998, Tatsuya Kawasaki wrote:

>
> I currently use 10.3 and I have a question on ip packet filter.
>
> I thought I knew how, but it fails to filter.
>
> I create access-list 105 as follows
> access-list 105 deny udp any any eq netbios-ns
> access-list 105 deny tcp any any eq 137
> access-list 105 deny tcp any any eq 138
> access-list 105 deny tcp any any eq 139
> access-list 105 permit ip any any
>
> and I put into etherport say 5 as follows
>
> ip access-list 105 in
>
> then I ping with land host 139, it will kill the machine.
> why?
>
> is it supposed to?
>
> I thought I filter the packet via access-list 105.
>
> what did I do wrong?
>
> thnx in adv.
>
> tatsuya

I think you should apply this to outgoing traffic, i.e.

ip access-list 105 out
                   ^^^

Regards.

        /Fredrik

---------------------------------
Fredrik Widell - Global IP Sweden
Phone : +46 8 519 131 00
Mail : frwi@global-ip.net
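
The interface-direction point raised in the reply above, as an added example that is not part of the original thread: a simplified Python model of first-match extended ACL evaluation, using access-list 105 from the question. The interface names (Serial0, Ethernet5) and the path in which the traffic arrives on a different interface and leaves through the one carrying the list are assumptions made for illustration.

```python
# Added illustration: simplified model of how a router evaluates access-list 105.
# Only the "any any [eq port]" rule form used in the thread is handled.
ACL_105 = """\
access-list 105 deny udp any any eq netbios-ns
access-list 105 deny tcp any any eq 137
access-list 105 deny tcp any any eq 138
access-list 105 deny tcp any any eq 139
access-list 105 permit ip any any
"""
NAMED_PORTS = {"netbios-ns": 137}  # IOS keyword for UDP port 137


def parse_acl(text):
    """Return a list of (action, protocol, destination port or None)."""
    rules = []
    for line in text.splitlines():
        tok = line.split()
        if len(tok) < 6 or tok[0] != "access-list":
            continue
        port = None
        if "eq" in tok:
            name = tok[tok.index("eq") + 1]
            port = NAMED_PORTS[name] if name in NAMED_PORTS else int(name)
        rules.append((tok[2], tok[3], port))
    return rules


def acl_verdict(rules, proto, dst_port):
    """First matching rule wins; a packet matching no rule is denied."""
    for action, rule_proto, rule_port in rules:
        if rule_proto in ("ip", proto) and rule_port in (None, dst_port):
            return action
    return "deny"


def forward(rules, bindings, in_if, out_if, proto, dst_port):
    """bindings: set of (interface, direction) pairs where the ACL is applied."""
    if (in_if, "in") in bindings and acl_verdict(rules, proto, dst_port) == "deny":
        return "dropped"
    if (out_if, "out") in bindings and acl_verdict(rules, proto, dst_port) == "deny":
        return "dropped"
    return "forwarded"


RULES = parse_acl(ACL_105)
# Assumed path: TCP/139 arrives on Serial0 and leaves through Ethernet5.
for direction in ("in", "out"):
    result = forward(RULES, {("Ethernet5", direction)}, "Serial0", "Ethernet5", "tcp", 139)
    print(f"ACL bound to Ethernet5 {direction}: {result}")
```

Under the assumed path, the list drops the TCP/139 packet only when it is bound in the direction that packet actually crosses the interface.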



This archive was generated by hypermail 2b29 : Sun Aug 04 2002 - 04:13:15 EDT