[nsp] Access-lists to block ftp and web
Sam Stickland
sam_ml at spacething.org
Thu Jan 15 10:35:27 EST 2004
To block incoming www you need:
access-list 110 deny tcp any any eq www
What you have will block outgoing www.
Sam
----- Original Message -----
From: <elatour at cimex.com.cu>
To: <cisco-nsp at puck.nether.net>
Sent: Thursday, January 15, 2004 3:04 PM
Subject: [nsp] Access-lists to block ftp and web
How do I make an access-list that blocks web and ftp ports and permits other
traffic?
I write:
access-list 110 deny tcp any eq www any
access-list 110 deny tcp any any eq www
access-list 110 deny tcp any eq 8080 any
access-list 110 deny tcp any any eq 8080
access-list 110 deny tcp any eq ftp any
access-list 110 deny tcp any any eq ftp
access-list 110 permit icmp any any
access-list 110 permit udp any any
access-list 110 permit tcp any any
but all pass...
and reverse:
access-list 110 permit icmp any any
access-list 110 permit udp any any
access-list 110 permit tcp any any
access-list 110 deny tcp any eq www any
access-list 110 deny tcp any any eq www
access-list 110 deny tcp any eq 8080 any
access-list 110 deny tcp any any eq 8080
access-list 110 deny tcp any eq ftp any
access-list 110 deny tcp any any eq ftp
Same result.
TIA,
Eugenio.
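
Added example, not part of the original thread: a small Python evaluator that runs both access lists from the question through top-down, first-match evaluation. It shows that `eq` matches the source port when it follows the source address and the destination port when it follows the destination address, and that putting `permit tcp any any` ahead of the denies leaves them unreachable. The parser is a simplification that handles only the `any` / `eq` forms used here; the function names and the sample port 40000 are made up for illustration.

```python
# Added example: first-match evaluation of Cisco-style extended ACL lines.
# Simplified parser: only "any" addresses and "eq <port>", as used in the thread.
PORTS = {"www": 80, "ftp": 21}           # IOS port keywords -> TCP port numbers

def port(tok):
    return PORTS[tok] if tok in PORTS else int(tok)

def parse(line):
    """'access-list N action proto any [eq P] any [eq P]' -> rule dict."""
    t = line.split()
    rule = {"action": t[2], "proto": t[3], "sport": None, "dport": None}
    i = 5                                # t[4] is the source address
    if t[i] == "eq":                     # eq right after the source: source port
        rule["sport"], i = port(t[i + 1]), i + 2
    i += 1                               # step over the destination address
    if i < len(t) and t[i] == "eq":      # eq after the destination: destination port
        rule["dport"] = port(t[i + 1])
    return rule

def evaluate(acl, proto, sport, dport):
    """Test lines top-down; return (action, 1-based line) of the first match."""
    for n, line in enumerate(acl, 1):
        r = parse(line)
        if (r["proto"] == proto and r["sport"] in (None, sport)
                and r["dport"] in (None, dport)):
            return r["action"], n
    return "deny", None                  # implicit deny ends every access list

# The two lists from the question, rebuilt in the same line order.
DENIES = [f"access-list 110 deny tcp any {m}" for p in ("www", "8080", "ftp")
          for m in (f"eq {p} any", f"any eq {p}")]
PERMITS = [f"access-list 110 permit {p} any any" for p in ("icmp", "udp", "tcp")]
DENY_FIRST = DENIES + PERMITS            # first attempt in the question
PERMIT_FIRST = PERMITS + DENIES          # the "reverse" attempt

if __name__ == "__main__":
    # Constructed sample packets: (description, source port, destination port)
    samples = [("to a web server", 40000, 80), ("reply from a web server", 80, 40000),
               ("ssh", 40000, 22)]
    for name, acl in (("deny first", DENY_FIRST), ("permit first", PERMIT_FIRST)):
        for desc, sp, dp in samples:
            print(f"{name:12} tcp {desc:24} -> {evaluate(acl, 'tcp', sp, dp)}")
```

The evaluator models only the list logic; on a router a list filters traffic only where it is applied to an interface and direction with `ip access-group`.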