[nsp] Access-lists to block ftp and web
elatour at cimex.com.cu
Thu Jan 15 10:04:30 EST 2004
How do I make an access-list that blocks web and ftp ports and permits other
traffic?
I wrote:
access-list 110 deny tcp any eq www any
access-list 110 deny tcp any any eq www
access-list 110 deny tcp any eq 8080 any
access-list 110 deny tcp any any eq 8080
access-list 110 deny tcp any eq ftp any
access-list 110 deny tcp any any eq ftp
access-list 110 permit icmp any any
access-list 110 permit udp any any
access-list 110 permit tcp any any
but everything passes...
and reversed:
access-list 110 permit icmp any any
access-list 110 permit udp any any
access-list 110 permit tcp any any
access-list 110 deny tcp any eq www any
access-list 110 deny tcp any any eq www
access-list 110 deny tcp any eq 8080 any
access-list 110 deny tcp any any eq 8080
access-list 110 deny tcp any eq ftp any
access-list 110 deny tcp any any eq ftp
Same result.
TIA,
Eugenio.
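
An added example, not part of the original post: a minimal first-match evaluator run over the two orderings of list 110 above, showing how top-down, first-match ACL processing (with the implicit deny at the end) treats each one. The parser is a simplification that assumes only `any` addresses and optional `eq <port>` operands; the sample packets are constructed.

```python
# Added example: first-match evaluation of the two orderings of ACL 110 from the post.
# Simplified model: only "any" addresses and optional "eq <port>" operands are parsed.
PORTS = {"www": 80, "ftp": 21}

DENIES = [line for p in ("www", "8080", "ftp") for line in (
    f"access-list 110 deny tcp any eq {p} any",
    f"access-list 110 deny tcp any any eq {p}")]
PERMITS = [f"access-list 110 permit {p} any any" for p in ("icmp", "udp", "tcp")]
FIRST_LIST = DENIES + PERMITS       # order of the first attempt in the post
REVERSED_LIST = PERMITS + DENIES    # order of the second attempt in the post

def parse(line):
    """Parse 'access-list N action proto any [eq P] any [eq P]' into a rule tuple."""
    tok = line.split()
    action, proto, rest = tok[2], tok[3], tok[4:]
    ports = []
    for _ in range(2):              # source operand, then destination operand
        if rest.pop(0) != "any":
            raise ValueError("only 'any' addresses are modelled: " + line)
        if rest and rest[0] == "eq":
            name = rest[1]
            del rest[:2]
            ports.append(PORTS[name] if name in PORTS else int(name))
        else:
            ports.append(None)      # no port condition on this side
    return action, proto, ports[0], ports[1]

def evaluate(acl_lines, proto, sport, dport):
    """Return the action of the first matching entry; implicit deny if none match."""
    for line in acl_lines:
        action, p, sp, dp = parse(line)
        if p == proto and sp in (None, sport) and dp in (None, dport):
            return action
    return "deny"

if __name__ == "__main__":
    for name, acl in (("first", FIRST_LIST), ("reversed", REVERSED_LIST)):
        for pkt in (("tcp", 40000, 80), ("tcp", 40000, 21), ("tcp", 40000, 22)):
            print(name, pkt, evaluate(acl, *pkt))
```

In the reversed ordering `permit tcp any any` matches before any deny entry is reached, so the deny lines are never evaluated. The first ordering does deny ports 80, 8080 and 21 in this model; whether the list is bound to an interface with `ip access-group` is not shown in the post.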